Medium: subversion

2013-09-0413:32:00

alas.aws.amazon.com

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

71.2%

JSON

Issue Overview:

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.

Affected Packages:

subversion

Issue Correction:
Run yum update subversion to update your system.

New Packages:

i686:  
    subversion-perl-1.7.13-1.32.amzn1.i686  
    subversion-javahl-1.7.13-1.32.amzn1.i686  
    subversion-python-1.7.13-1.32.amzn1.i686  
    subversion-ruby-1.7.13-1.32.amzn1.i686  
    subversion-libs-1.7.13-1.32.amzn1.i686  
    mod_dav_svn-1.7.13-1.32.amzn1.i686  
    subversion-tools-1.7.13-1.32.amzn1.i686  
    subversion-debuginfo-1.7.13-1.32.amzn1.i686  
    subversion-devel-1.7.13-1.32.amzn1.i686  
    subversion-1.7.13-1.32.amzn1.i686  
  
src:  
    subversion-1.7.13-1.32.amzn1.src  
  
x86_64:  
    subversion-debuginfo-1.7.13-1.32.amzn1.x86_64  
    subversion-python-1.7.13-1.32.amzn1.x86_64  
    subversion-libs-1.7.13-1.32.amzn1.x86_64  
    subversion-javahl-1.7.13-1.32.amzn1.x86_64  
    subversion-devel-1.7.13-1.32.amzn1.x86_64  
    mod_dav_svn-1.7.13-1.32.amzn1.x86_64  
    subversion-perl-1.7.13-1.32.amzn1.x86_64  
    subversion-tools-1.7.13-1.32.amzn1.x86_64  
    subversion-ruby-1.7.13-1.32.amzn1.x86_64  
    subversion-1.7.13-1.32.amzn1.x86_64

Additional References

Red Hat: CVE-2013-4131

Mitre: CVE-2013-4131

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686subversion-perl< 1.7.13-1.32.amzn1subversion-perl-1.7.13-1.32.amzn1.i686.rpm
Amazon Linux1i686subversion-javahl< 1.7.13-1.32.amzn1subversion-javahl-1.7.13-1.32.amzn1.i686.rpm
Amazon Linux1i686subversion-python< 1.7.13-1.32.amzn1subversion-python-1.7.13-1.32.amzn1.i686.rpm
Amazon Linux1i686subversion-ruby< 1.7.13-1.32.amzn1subversion-ruby-1.7.13-1.32.amzn1.i686.rpm
Amazon Linux1i686subversion-libs< 1.7.13-1.32.amzn1subversion-libs-1.7.13-1.32.amzn1.i686.rpm
Amazon Linux1i686mod_dav_svn< 1.7.13-1.32.amzn1mod_dav_svn-1.7.13-1.32.amzn1.i686.rpm
Amazon Linux1i686subversion-tools< 1.7.13-1.32.amzn1subversion-tools-1.7.13-1.32.amzn1.i686.rpm
Amazon Linux1i686subversion-debuginfo< 1.7.13-1.32.amzn1subversion-debuginfo-1.7.13-1.32.amzn1.i686.rpm
Amazon Linux1i686subversion-devel< 1.7.13-1.32.amzn1subversion-devel-1.7.13-1.32.amzn1.i686.rpm
Amazon Linux1i686subversion< 1.7.13-1.32.amzn1subversion-1.7.13-1.32.amzn1.i686.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	1	i686	subversion-perl	< 1.7.13-1.32.amzn1	subversion-perl-1.7.13-1.32.amzn1.i686.rpm
Amazon Linux	1	i686	subversion-javahl	< 1.7.13-1.32.amzn1	subversion-javahl-1.7.13-1.32.amzn1.i686.rpm
Amazon Linux	1	i686	subversion-python	< 1.7.13-1.32.amzn1	subversion-python-1.7.13-1.32.amzn1.i686.rpm
Amazon Linux	1	i686	subversion-ruby	< 1.7.13-1.32.amzn1	subversion-ruby-1.7.13-1.32.amzn1.i686.rpm
Amazon Linux	1	i686	subversion-libs	< 1.7.13-1.32.amzn1	subversion-libs-1.7.13-1.32.amzn1.i686.rpm
Amazon Linux	1	i686	mod_dav_svn	< 1.7.13-1.32.amzn1	mod_dav_svn-1.7.13-1.32.amzn1.i686.rpm
Amazon Linux	1	i686	subversion-tools	< 1.7.13-1.32.amzn1	subversion-tools-1.7.13-1.32.amzn1.i686.rpm
Amazon Linux	1	i686	subversion-debuginfo	< 1.7.13-1.32.amzn1	subversion-debuginfo-1.7.13-1.32.amzn1.i686.rpm
Amazon Linux	1	i686	subversion-devel	< 1.7.13-1.32.amzn1	subversion-devel-1.7.13-1.32.amzn1.i686.rpm
Amazon Linux	1	i686	subversion	< 1.7.13-1.32.amzn1	subversion-1.7.13-1.32.amzn1.i686.rpm