Test ID:	1.3.6.1.4.1.25623.1.0.831415
Category:	Mandrake Local Security Checks
Title:	Mandriva Update for subversion MDVSA-2011:106 (subversion)
Summary:	The remote host is missing an update for the 'subversion'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'subversion' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities were discovered and corrected in subversion: The mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if asked to deliver baselined WebDAV resources which can lead to a DoS (Denial Of Service) (CVE-2011-1752). The mod_dav_svn Apache HTTPD server module may in certain scenarios enter a logic loop which does not exit and which allocates emory in each iteration, ultimately exhausting all the available emory on the server which can lead to a DoS (Denial Of Service) (CVE-2011-1783). The mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users (CVE-2011-1921). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been upgraded to the 1.6.17 version which is not vulnerable to these issues. Affected Software/OS: subversion on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1752 1025617 http://www.securitytracker.com/id?1025617 44633 http://secunia.com/advisories/44633 44681 http://secunia.com/advisories/44681 44849 http://secunia.com/advisories/44849 44879 http://secunia.com/advisories/44879 44888 http://secunia.com/advisories/44888 45162 http://secunia.com/advisories/45162 48091 http://www.securityfocus.com/bid/48091 APPLE-SA-2012-02-01-1 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html DSA-2251 http://www.debian.org/security/2011/dsa-2251 FEDORA-2011-8341 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html FEDORA-2011-8352 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html MDVSA-2011:106 http://www.mandriva.com/security/advisories?name=MDVSA-2011:106 RHSA-2011:0861 http://www.redhat.com/support/errata/RHSA-2011-0861.html RHSA-2011:0862 http://www.redhat.com/support/errata/RHSA-2011-0862.html USN-1144-1 http://www.ubuntu.com/usn/USN-1144-1 http://subversion.apache.org/security/CVE-2011-1752-advisory.txt http://support.apple.com/kb/HT5130 http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES https://bugzilla.redhat.com/show_bug.cgi?id=709111 oval:org.mitre.oval:def:18922 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18922 Common Vulnerability Exposure (CVE) ID: CVE-2011-1783 1025618 http://www.securitytracker.com/id?1025618 http://subversion.apache.org/security/CVE-2011-1783-advisory.txt https://bugzilla.redhat.com/show_bug.cgi?id=709112 oval:org.mitre.oval:def:18889 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18889 Common Vulnerability Exposure (CVE) ID: CVE-2011-1921 1025619 http://www.securitytracker.com/id?1025619 http://subversion.apache.org/security/CVE-2011-1921-advisory.txt https://bugzilla.redhat.com/show_bug.cgi?id=709114 oval:org.mitre.oval:def:18999 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18999 subversion-control-rules-info-disc(67804) https://exchange.xforce.ibmcloud.com/vulnerabilities/67804
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.