GoogleOSV:DSA-2703-1subversion - several
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.006 Low
EPSS
Percentile
75.7%
Several vulnerabilities were discovered in Subversion, a version control
system. The Common Vulnerabilities and Exposures project identifies the
following problems:
- CVE-2013-1968
Subversion repositories with the FSFS repository data store format
can be corrupted by newline characters in filenames. A remote
attacker with a malicious client could use this flaw to disrupt the
service for other users using that repository. - CVE-2013-2112
Subversion’s svnserve server process may exit when an incoming TCP
connection is closed early in the connection process. A remote
attacker can cause svnserve to exit and thus deny service to users
of the server.
For the oldstable distribution (squeeze), these problems have been fixed in
version 1.6.12dfsg-7.
For the stable distribution (wheezy), these problems have been fixed in
version 1.6.17dfsg-4+deb7u3.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your subversion packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| subversion | eq | 1.6.17dfsg-4+deb7u2 |
References
Related
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.006 Low
EPSS
Percentile
75.7%