Security Bulletin: Vulnerabilities in Subversion release shipped in Netcool/Impact (CVE-2013-1968)

Summary

If you are using Subversion for version control in Netcool/Impact you may be affected by this vulnerability. Description is Subversion FSFS repositories can be corrupted by newline characters in filenames. More detail available at this link http://subversion.apache.org/security/CVE-2013-1968-advisory.txt

Vulnerability Details

CVEID: CVE-2013-1968
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/84717&gt;
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:P)

Affected Products and Versions

Netcool/Impact releases 5.1.x through 6.1.x

Remediation/Fixes

The suggested remediation is to upgrade the level of Subversion on your installation. See this link for release details.
http://subversion.apache.org/security/CVE-2013-1968-advisory.txt
Instruction on how to configure Netcool/Impact for new releases of Subversion are listed here :
<http://publib.boulder.ibm.com/infocenter/tivihelp/v8r1/topic/com.ibm.netcoolimpact.doc6.1/admin/imag_version_version_control_overview_c.html&gt;
<http://publib.boulder.ibm.com/infocenter/tivihelp/v8r1/topic/com.ibm.netcoolimpact.doc6.1/admin/imag_version_configuring_version_control_c.html&gt;

The instructions are the same for all releases of Netcool/Impact.

Workarounds and Mitigations

See http://subversion.apache.org/security/CVE-2013-1968-advisory.txt