It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187 __)
An integer overflow was discovered allowing remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read. (CVE-2015-5259 __)
It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users. (CVE-2015-3184 __)
It was found that the mod_dav_svn module was vulnerable to a remotely triggerable heap-based buffer overflow and out-of-bounds read caused by an integer overflow when parsing skel-encoded request bodies, allowing an attacker with write access to a repository to cause a denial of service attack (on 32-bit or 64-bit servers) or possibly execute arbitrary code (on 32-bit servers only) under the context of the httpd process. (CVE-2015-5343 __)
Run yum update mod_dav_svn to update your system.
Run yum update subversion to update your system.
i686: mod_dav_svn-1.8.15-1.52.amzn1.i686 mod_dav_svn-debuginfo-1.8.15-1.52.amzn1.i686 mod24_dav_svn-1.8.15-1.54.amzn1.i686 subversion-tools-1.8.15-1.54.amzn1.i686 subversion-1.8.15-1.54.amzn1.i686 subversion-python27-1.8.15-1.54.amzn1.i686 subversion-javahl-1.8.15-1.54.amzn1.i686 subversion-ruby-1.8.15-1.54.amzn1.i686 subversion-perl-1.8.15-1.54.amzn1.i686 subversion-debuginfo-1.8.15-1.54.amzn1.i686 subversion-devel-1.8.15-1.54.amzn1.i686 subversion-libs-1.8.15-1.54.amzn1.i686 subversion-python26-1.8.15-1.54.amzn1.i686 src: mod_dav_svn-1.8.15-1.52.amzn1.src subversion-1.8.15-1.54.amzn1.src x86_64: mod_dav_svn-1.8.15-1.52.amzn1.x86_64 mod_dav_svn-debuginfo-1.8.15-1.52.amzn1.x86_64 subversion-debuginfo-1.8.15-1.54.amzn1.x86_64 subversion-devel-1.8.15-1.54.amzn1.x86_64 subversion-libs-1.8.15-1.54.amzn1.x86_64 subversion-javahl-1.8.15-1.54.amzn1.x86_64 subversion-tools-1.8.15-1.54.amzn1.x86_64 mod24_dav_svn-1.8.15-1.54.amzn1.x86_64 subversion-python26-1.8.15-1.54.amzn1.x86_64 subversion-python27-1.8.15-1.54.amzn1.x86_64 subversion-ruby-1.8.15-1.54.amzn1.x86_64 subversion-1.8.15-1.54.amzn1.x86_64 subversion-perl-1.8.15-1.54.amzn1.x86_64