7.8 - GLSA-201309-11

Executive Summary

Summary
Title	Subversion: Multiple vulnerabilities

Informations
Name	GLSA-201309-11	First vendor Publication	2013-09-23
Vendor	Gentoo	Last vendor Modification	2013-09-23
Severity (Vendor)	Low	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score	7.8	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in Subversion, allowing attackers to cause a Denial of Service, escalate privileges, or obtain sensitive information.

Background

Subversion is a versioning system designed to be a replacement for CVS.

Description

Multiple vulnerabilities have been discovered in Subversion. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could cause a Denial of Service condition or obtain sensitive information. A local attacker could escalate his privileges to the user running svnserve.

Workaround

There is no known workaround at this time.

Resolution

All Subversion users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.7.13"

References

[ 1 ] CVE-2010-4539 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4539
[ 2 ] CVE-2010-4644 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4644
[ 3 ] CVE-2011-0715 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0715
[ 4 ] CVE-2011-1752 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1752
[ 5 ] CVE-2011-1783 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1783
[ 6 ] CVE-2011-1921 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1921
[ 7 ] CVE-2013-1845 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1845
[ 8 ] CVE-2013-1846 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1846
[ 9 ] CVE-2013-1847 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1847
[ 10 ] CVE-2013-1849 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1849
[ 11 ] CVE-2013-1884 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1884
[ 12 ] CVE-2013-1968 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1968
[ 13 ] CVE-2013-2088 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2088
[ 14 ] CVE-2013-2112 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2112
[ 15 ] CVE-2013-4131 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4131
[ 16 ] CVE-2013-4277 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4277

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201309-11.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201309-11.xml

CWE : Common Weakness Enumeration

%	Id	Name
40 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
20 %	CWE-399	Resource Management Errors
20 %	CWE-264	Permissions, Privileges, and Access Controls
10 %	CWE-476	NULL Pointer Dereference
10 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12713

Oval ID:	oval:org.mitre.oval:def:12713
Title:	DSA-2251-1 subversion -- several
Description:	Several vulnerabilities were discovered in Subversion, the version control system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-1752 The mod_dav_svn Apache HTTPD server module can be crashed though when asked to deliver baselined WebDAV resources. CVE-2011-1783 The mod_dav_svn Apache HTTPD server module can trigger a loop which consumes all available memory on the system. CVE-2011-1921 The mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users.
Family:	unix	Class:	patch
Reference(s):	DSA-2251-1 CVE-2011-1752 CVE-2011-1783 CVE-2011-1921	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	subversion
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND subversion DPKG is earlier than 1.5.1dfsg1-7 OR Release section Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND Installed architecture is all AND subversion DPKG is earlier than 1.6.12dfsg-6

Definition Id: oval:org.mitre.oval:def:12798

Oval ID:	oval:org.mitre.oval:def:12798
Title:	USN-1053-1 -- subversion vulnerabilities
Description:	It was discovered that Subversion incorrectly handled certain "partial access" privileges in rare scenarios. Remote authenticated users could use this flaw to obtain sensitive information . This issue only applied to Ubuntu 6.06 LTS. It was discovered that the Subversion mod_dav_svn module for Apache did not properly handle a named repository as a rule scope. Remote authenticated users could use this flaw to bypass intended restrictions. This issue only applied to Ubuntu 9.10, 10.04 LTS, and 10.10. It was discovered that the Subversion mod_dav_svn module for Apache incorrectly handled the walk function. Remote authenticated users could use this flaw to cause the service to crash, leading to a denial of service. It was discovered that Subversion incorrectly handled certain memory operations. Remote authenticated users could use this flaw to consume large quantities of memory and cause the service to crash, leading to a denial of service. This issue only applied to Ubuntu 9.10, 10.04 LTS, and 10.10
Family:	unix	Class:	patch
Reference(s):	USN-1053-1 CVE-2007-2448 CVE-2010-3315 CVE-2010-4539 CVE-2010-4644	Version:	5
Platform(s):	Ubuntu 8.04 Ubuntu 10.10 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06	Product(s):	subversion
Definition Synopsis:
Release section Ubuntu 8.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section subversion-tools DPKG is earlier than 1.4.6dfsg1-2ubuntu1.2 AND libsvn-doc DPKG is earlier than 1.4.6dfsg1-2ubuntu1.2 AND libsvn-javahl DPKG is earlier than 1.4.6dfsg1-2ubuntu1.2 AND libsvn-ruby DPKG is earlier than 1.4.6dfsg1-2ubuntu1.2 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libsvn-dev DPKG is earlier than 1.4.6dfsg1-2ubuntu1.2 AND python-subversion-dbg DPKG is earlier than 1.4.6dfsg1-2ubuntu1.2 AND libapache2-svn DPKG is earlier than 1.4.6dfsg1-2ubuntu1.2 AND libsvn-ruby1.8 DPKG is earlier than 1.4.6dfsg1-2ubuntu1.2 AND python-subversion DPKG is earlier than 1.4.6dfsg1-2ubuntu1.2 AND libsvn1 DPKG is earlier than 1.4.6dfsg1-2ubuntu1.2 AND subversion DPKG is earlier than 1.4.6dfsg1-2ubuntu1.2 AND libsvn-java DPKG is earlier than 1.4.6dfsg1-2ubuntu1.2 AND libsvn-perl DPKG is earlier than 1.4.6dfsg1-2ubuntu1.2 OR Release section Ubuntu 10.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section subversion-tools DPKG is earlier than 1.6.12dfsg-1ubuntu1.1 AND libsvn-doc DPKG is earlier than 1.6.12dfsg-1ubuntu1.1 AND libsvn-ruby DPKG is earlier than 1.6.12dfsg-1ubuntu1.1 OR Architecture depended section Supported architectures section Installed architecture is powerpc AND Installed architecture is armel AND Installed architecture is amd64 AND Installed architecture is i386 AND Packages section libsvn-dev DPKG is earlier than 1.6.12dfsg-1ubuntu1.1 AND python-subversion-dbg DPKG is earlier than 1.6.12dfsg-1ubuntu1.1 AND libapache2-svn DPKG is earlier than 1.6.12dfsg-1ubuntu1.1 AND libsvn-ruby1.8 DPKG is earlier than 1.6.12dfsg-1ubuntu1.1 AND python-subversion DPKG is earlier than 1.6.12dfsg-1ubuntu1.1 AND libsvn-java DPKG is earlier than 1.6.12dfsg-1ubuntu1.1 AND subversion DPKG is earlier than 1.6.12dfsg-1ubuntu1.1 AND libsvn1 DPKG is earlier than 1.6.12dfsg-1ubuntu1.1 AND libsvn-perl DPKG is earlier than 1.6.12dfsg-1ubuntu1.1 OR Release section Ubuntu 10.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section subversion-tools DPKG is earlier than 1.6.6dfsg-2ubuntu1.1 AND libsvn-doc DPKG is earlier than 1.6.6dfsg-2ubuntu1.1 AND libsvn-ruby DPKG is earlier than 1.6.6dfsg-2ubuntu1.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is armel AND Packages section libsvn-dev DPKG is earlier than 1.6.6dfsg-2ubuntu1.1 AND python-subversion-dbg DPKG is earlier than 1.6.6dfsg-2ubuntu1.1 AND libapache2-svn DPKG is earlier than 1.6.6dfsg-2ubuntu1.1 AND libsvn-ruby1.8 DPKG is earlier than 1.6.6dfsg-2ubuntu1.1 AND python-subversion DPKG is earlier than 1.6.6dfsg-2ubuntu1.1 AND libsvn-java DPKG is earlier than 1.6.6dfsg-2ubuntu1.1 AND subversion DPKG is earlier than 1.6.6dfsg-2ubuntu1.1 AND libsvn1 DPKG is earlier than 1.6.6dfsg-2ubuntu1.1 AND libsvn-perl DPKG is earlier than 1.6.6dfsg-2ubuntu1.1 OR Release section Ubuntu 9.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section subversion-tools DPKG is earlier than 1.6.5dfsg-1ubuntu1.1 AND libsvn-doc DPKG is earlier than 1.6.5dfsg-1ubuntu1.1 AND libsvn-ruby DPKG is earlier than 1.6.5dfsg-1ubuntu1.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is lpia AND Packages section libsvn-dev DPKG is earlier than 1.6.5dfsg-1ubuntu1.1 AND python-subversion-dbg DPKG is earlier than 1.6.5dfsg-1ubuntu1.1 AND libapache2-svn DPKG is earlier than 1.6.5dfsg-1ubuntu1.1 AND libsvn-ruby1.8 DPKG is earlier than 1.6.5dfsg-1ubuntu1.1 AND python-subversion DPKG is earlier than 1.6.5dfsg-1ubuntu1.1 AND libsvn-java DPKG is earlier than 1.6.5dfsg-1ubuntu1.1 AND subversion DPKG is earlier than 1.6.5dfsg-1ubuntu1.1 AND libsvn1 DPKG is earlier than 1.6.5dfsg-1ubuntu1.1 AND libsvn-perl DPKG is earlier than 1.6.5dfsg-1ubuntu1.1 OR Release section Ubuntu 6.06 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section subversion-tools DPKG is earlier than 1.3.1-3ubuntu1.3 AND python2.4-subversion DPKG is earlier than 1.3.1-3ubuntu1.3 AND libsvn-doc DPKG is earlier than 1.3.1-3ubuntu1.3 AND libsvn-ruby DPKG is earlier than 1.3.1-3ubuntu1.3 OR Architecture depended section Supported architectures section Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is amd64 AND Installed architecture is i386 AND Packages section libsvn0-dev DPKG is earlier than 1.3.1-3ubuntu1.3 AND libsvn-core-perl DPKG is earlier than 1.3.1-3ubuntu1.3 AND libapache2-svn DPKG is earlier than 1.3.1-3ubuntu1.3 AND libsvn-ruby1.8 DPKG is earlier than 1.3.1-3ubuntu1.3 AND python-subversion DPKG is earlier than 1.3.1-3ubuntu1.3 AND libsvn0 DPKG is earlier than 1.3.1-3ubuntu1.3 AND subversion DPKG is earlier than 1.3.1-3ubuntu1.3 AND libsvn-javahl DPKG is earlier than 1.3.1-3ubuntu1.3

Definition Id: oval:org.mitre.oval:def:12980

Oval ID:	oval:org.mitre.oval:def:12980
Title:	DSA-2181-1 subversion -- denial of service
Description:	Philip Martin discovered that HTTP-based Subversion servers crash when processing lock requests on repositories which support unauthenticated read access.
Family:	unix	Class:	patch
Reference(s):	DSA-2181-1 CVE-2011-0715	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	subversion
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND subversion DPKG is earlier than 1.5.1dfsg1-6 OR Release section Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND Installed architecture is all AND subversion DPKG is earlier than 1.6.12dfsg-5

Definition Id: oval:org.mitre.oval:def:13766

Oval ID:	oval:org.mitre.oval:def:13766
Title:	USN-1096-1 -- subversion vulnerability
Description:	Philip Martin discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain requests containing a lock token. A remote attacker could use this flaw to cause the service to crash, leading to a denial of service.
Family:	unix	Class:	patch
Reference(s):	USN-1096-1 CVE-2011-0715	Version:	5
Platform(s):	Ubuntu 8.04 Ubuntu 10.10 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06	Product(s):	subversion
Definition Synopsis:
Release section Ubuntu 8.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section subversion-tools DPKG is earlier than 1.4.6dfsg1-2ubuntu1.3 AND libsvn-doc DPKG is earlier than 1.4.6dfsg1-2ubuntu1.3 AND libsvn-javahl DPKG is earlier than 1.4.6dfsg1-2ubuntu1.3 AND libsvn-ruby DPKG is earlier than 1.4.6dfsg1-2ubuntu1.3 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libsvn-dev DPKG is earlier than 1.4.6dfsg1-2ubuntu1.3 AND python-subversion-dbg DPKG is earlier than 1.4.6dfsg1-2ubuntu1.3 AND libapache2-svn DPKG is earlier than 1.4.6dfsg1-2ubuntu1.3 AND libsvn-ruby1.8 DPKG is earlier than 1.4.6dfsg1-2ubuntu1.3 AND python-subversion DPKG is earlier than 1.4.6dfsg1-2ubuntu1.3 AND libsvn1 DPKG is earlier than 1.4.6dfsg1-2ubuntu1.3 AND subversion DPKG is earlier than 1.4.6dfsg1-2ubuntu1.3 AND libsvn-java DPKG is earlier than 1.4.6dfsg1-2ubuntu1.3 AND libsvn-perl DPKG is earlier than 1.4.6dfsg1-2ubuntu1.3 OR Release section Ubuntu 10.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section subversion-tools DPKG is earlier than 1.6.12dfsg-1ubuntu1.2 AND libsvn-doc DPKG is earlier than 1.6.12dfsg-1ubuntu1.2 AND libsvn-ruby DPKG is earlier than 1.6.12dfsg-1ubuntu1.2 OR Architecture depended section Supported architectures section Installed architecture is powerpc AND Installed architecture is armel AND Installed architecture is amd64 AND Installed architecture is i386 AND Packages section libsvn-dev DPKG is earlier than 1.6.12dfsg-1ubuntu1.2 AND python-subversion-dbg DPKG is earlier than 1.6.12dfsg-1ubuntu1.2 AND libapache2-svn DPKG is earlier than 1.6.12dfsg-1ubuntu1.2 AND libsvn-ruby1.8 DPKG is earlier than 1.6.12dfsg-1ubuntu1.2 AND python-subversion DPKG is earlier than 1.6.12dfsg-1ubuntu1.2 AND libsvn-java DPKG is earlier than 1.6.12dfsg-1ubuntu1.2 AND subversion DPKG is earlier than 1.6.12dfsg-1ubuntu1.2 AND libsvn1 DPKG is earlier than 1.6.12dfsg-1ubuntu1.2 AND libsvn-perl DPKG is earlier than 1.6.12dfsg-1ubuntu1.2 OR Release section Ubuntu 10.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section subversion-tools DPKG is earlier than 1.6.6dfsg-2ubuntu1.2 AND libsvn-doc DPKG is earlier than 1.6.6dfsg-2ubuntu1.2 AND libsvn-ruby DPKG is earlier than 1.6.6dfsg-2ubuntu1.2 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is armel AND Packages section libsvn-dev DPKG is earlier than 1.6.6dfsg-2ubuntu1.2 AND python-subversion-dbg DPKG is earlier than 1.6.6dfsg-2ubuntu1.2 AND libapache2-svn DPKG is earlier than 1.6.6dfsg-2ubuntu1.2 AND libsvn-ruby1.8 DPKG is earlier than 1.6.6dfsg-2ubuntu1.2 AND python-subversion DPKG is earlier than 1.6.6dfsg-2ubuntu1.2 AND libsvn-java DPKG is earlier than 1.6.6dfsg-2ubuntu1.2 AND subversion DPKG is earlier than 1.6.6dfsg-2ubuntu1.2 AND libsvn1 DPKG is earlier than 1.6.6dfsg-2ubuntu1.2 AND libsvn-perl DPKG is earlier than 1.6.6dfsg-2ubuntu1.2 OR Release section Ubuntu 9.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section subversion-tools DPKG is earlier than 1.6.5dfsg-1ubuntu1.2 AND libsvn-doc DPKG is earlier than 1.6.5dfsg-1ubuntu1.2 AND libsvn-ruby DPKG is earlier than 1.6.5dfsg-1ubuntu1.2 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is lpia AND Packages section libsvn-dev DPKG is earlier than 1.6.5dfsg-1ubuntu1.2 AND python-subversion-dbg DPKG is earlier than 1.6.5dfsg-1ubuntu1.2 AND libapache2-svn DPKG is earlier than 1.6.5dfsg-1ubuntu1.2 AND libsvn-ruby1.8 DPKG is earlier than 1.6.5dfsg-1ubuntu1.2 AND python-subversion DPKG is earlier than 1.6.5dfsg-1ubuntu1.2 AND libsvn-java DPKG is earlier than 1.6.5dfsg-1ubuntu1.2 AND subversion DPKG is earlier than 1.6.5dfsg-1ubuntu1.2 AND libsvn1 DPKG is earlier than 1.6.5dfsg-1ubuntu1.2 AND libsvn-perl DPKG is earlier than 1.6.5dfsg-1ubuntu1.2 OR Release section Ubuntu 6.06 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section subversion-tools DPKG is earlier than 1.3.1-3ubuntu1.4 AND python2.4-subversion DPKG is earlier than 1.3.1-3ubuntu1.4 AND libsvn-doc DPKG is earlier than 1.3.1-3ubuntu1.4 AND libsvn-ruby DPKG is earlier than 1.3.1-3ubuntu1.4 OR Architecture depended section Supported architectures section Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is amd64 AND Installed architecture is i386 AND Packages section libsvn0-dev DPKG is earlier than 1.3.1-3ubuntu1.4 AND libsvn-core-perl DPKG is earlier than 1.3.1-3ubuntu1.4 AND libapache2-svn DPKG is earlier than 1.3.1-3ubuntu1.4 AND libsvn-ruby1.8 DPKG is earlier than 1.3.1-3ubuntu1.4 AND python-subversion DPKG is earlier than 1.3.1-3ubuntu1.4 AND libsvn0 DPKG is earlier than 1.3.1-3ubuntu1.4 AND subversion DPKG is earlier than 1.3.1-3ubuntu1.4 AND libsvn-javahl DPKG is earlier than 1.3.1-3ubuntu1.4

Definition Id: oval:org.mitre.oval:def:13783

Oval ID:	oval:org.mitre.oval:def:13783
Title:	USN-1144-1 -- subversion vulnerabilities
Description:	subversion: Advanced version control system an attacker could send crafted input to the Subversion mod_dav_svn module for Apache and cause it to crash or gain access to restricted files.
Family:	unix	Class:	patch
Reference(s):	USN-1144-1 CVE-2011-1752 CVE-2011-1783 CVE-2011-1921	Version:	5
Platform(s):	Ubuntu 10.10 Ubuntu 10.04	Product(s):	subversion
Definition Synopsis:
Release section Ubuntu 10.10 is installed AND Installed architecture is all AND libapache2-svn DPKG is earlier than 1.6.12dfsg-1ubuntu1.3 OR Release section Ubuntu 10.04 is installed AND Installed architecture is all AND libapache2-svn DPKG is earlier than 1.6.6dfsg-2ubuntu1.3

Definition Id: oval:org.mitre.oval:def:17102

Oval ID:	oval:org.mitre.oval:def:17102
Title:	USN-1893-1 -- libdmx vulnerability
Description:	Several security issues were fixed in Subversion.
Family:	unix	Class:	patch
Reference(s):	usn-1893-1 CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 CVE-2013-1884 CVE-2013-1968 CVE-2013-2112	Version:	7
Platform(s):	Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04	Product(s):	subversion
Definition Synopsis:
Release section Ubuntu 13.04 is installed AND Installed architecture is all AND Packages section libapache2-svn DPKG is earlier than 1.7.5-1ubuntu3.1 AND libsvn1 DPKG is earlier than 1.7.5-1ubuntu3.1 OR Release section Ubuntu 12.10 is installed AND Installed architecture is all AND Packages section libapache2-svn DPKG is earlier than 1.7.5-1ubuntu2.1 AND libsvn1 DPKG is earlier than 1.7.5-1ubuntu2.1 OR Release section Ubuntu 12.04 is installed AND Installed architecture is all AND Packages section libapache2-svn DPKG is earlier than 1.6.17dfsg-3ubuntu3.3 AND libsvn1 DPKG is earlier than 1.6.17dfsg-3ubuntu3.3

Definition Id: oval:org.mitre.oval:def:18087

Oval ID:	oval:org.mitre.oval:def:18087
Title:	Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server (CVE-2013-1846)
Description:	The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-1846	Version:	6
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed Check the version of Apache Subversion from 1.6.0 before 1.6.21 and from 1.7.0 before 1.7.9 in VisualSVN Server Check the version of Apache Subversion in VisualSVN Server Check if Apache Subversion version is greater than or equals to 1.6.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.6.21 in VisualSVN Server AND Check the version of Apache Subversion in VisualSVN Server Check if Apache Subversion version is greater than or equals to 1.7.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.7.9 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:18524

Oval ID:	oval:org.mitre.oval:def:18524
Title:	DSA-2703-1 subversion - several
Description:	Several vulnerabilities were discovered in Subversion, a version control system.
Family:	unix	Class:	patch
Reference(s):	DSA-2703-1 CVE-2013-1968 CVE-2013-2112	Version:	8
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7	Product(s):	subversion
Definition Synopsis:
Release section Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND subversion DPKG is earlier than 1.6.12dfsg-7 AND Release section Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND subversion DPKG is earlier than 1.6.17dfsg-4+deb7u3

Definition Id: oval:org.mitre.oval:def:18538

Oval ID:	oval:org.mitre.oval:def:18538
Title:	Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server (CVE-2013-1847)
Description:	The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-1847	Version:	6
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed Check the version of Apache Subversion from 1.6.0 before 1.6.21 and from 1.7.0 before 1.7.9 in VisualSVN Server Check the version of Apache Subversion in VisualSVN Server Check if Apache Subversion version is greater than or equals to 1.6.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.6.21 in VisualSVN Server AND Check the version of Apache Subversion in VisualSVN Server Check if Apache Subversion version is greater than or equals to 1.7.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.7.9 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:18554

Oval ID:	oval:org.mitre.oval:def:18554
Title:	Apache Subversion vulnerability from 1.4.0 through 1.7.12 and from 1.8.0 through 1.8.1 in VisualSVN Server (CVE-2013-4277)
Description:	Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-4277	Version:	6
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed Check the version of Apache Subversion from 1.4.0 through 1.7.12 and from 1.8.0 through 1.8.1 in VisualSVN Server Check the version of Apache Subversion in VisualSVN Server Check if Apache Subversion version is greater than or equals to 1.4.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.7.13 in VisualSVN Server AND Check the version of Apache Subversion in VisualSVN Server Check if Apache Subversion version is greater than or equals to 1.8.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.8.2 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:18621

Oval ID:	oval:org.mitre.oval:def:18621
Title:	Apache Subversion vulnerability from 1.7.0 through 1.7.10 and from 1.8.x before 1.8.1 in VisualSVN Server (CVE-2013-4131)
Description:	The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-4131	Version:	6
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed Check the version of Apache Subversion from 1.7.0 through 1.7.10 and from 1.8.x before 1.8.1 in VisualSVN Server Check the version of Apache Subversion in VisualSVN Server Check if Apache Subversion version is greater than or equals to 1.7.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.7.11 in VisualSVN Server AND Check the version of Apache Subversion in VisualSVN Server Check if Apache Subversion version is greater than or equals to 1.8.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.8.1 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:18772

Oval ID:	oval:org.mitre.oval:def:18772
Title:	Apache Subversion vulnerability 1.6.0 before 1.6.23 in VisualSVN Server (CVE-2013-2088)
Description:	Contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-2088	Version:	5
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed AND Check the version of Apache Subversion 1.6.0 before 1.6.23 in VisualSVN Server Check if Apache Subversion version is greater than or equals to 1.6.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.6.23 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:18788

Oval ID:	oval:org.mitre.oval:def:18788
Title:	Apache Subversion vulnerability 1.7.0 through 1.7.8 in VisualSVN Server (CVE-2013-1884)
Description:	The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-1884	Version:	5
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed AND Check the version of Apache Subversion 1.7.0 before 1.7.9 in VisualSVN Server Check if Apache Subversion version is greater than or equals to 1.7.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.7.9 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:18889

Oval ID:	oval:org.mitre.oval:def:18889
Title:	Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server (CVE-2011-1783)
Description:	The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1783	Version:	5
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed AND Check if Apache Subversion version is greater than or equals to 1.5.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.6.17 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:18922

Oval ID:	oval:org.mitre.oval:def:18922
Title:	Apache Subversion vulnerability before 1.6.17 in VisualSVN Server (CVE-2011-1752)
Description:	The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1752	Version:	5
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed AND Check if Apache Subversion version is less than 1.6.17 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:18967

Oval ID:	oval:org.mitre.oval:def:18967
Title:	Apache Subversion vulnerability before 1.6.16 in VisualSVN Server (CVE-2011-0715)
Description:	The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-0715	Version:	5
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed AND Check if Apache Subversion version is less than 1.6.16 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:18973

Oval ID:	oval:org.mitre.oval:def:18973
Title:	Apache Subversion vulnerability 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 in VisualSVN Server (CVE-2013-1845)
Description:	The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-1845	Version:	5
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed Check the version of Apache Subversion from 1.6.0 before 1.6.21 and from 1.7.0 before 1.7.9 in VisualSVN Server Check the version of Apache Subversion in VisualSVN Server Check if Apache Subversion version is greater than or equals to 1.6.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.6.21 in VisualSVN Server AND Check the version of Apache Subversion in VisualSVN Server Check if Apache Subversion version is greater than or equals to 1.7.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.7.9 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:18980

Oval ID:	oval:org.mitre.oval:def:18980
Title:	Apache Subversion vulnerability 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 in VisualSVN Server (CVE-2013-1849)
Description:	The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-1849	Version:	5
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed Check the version of Apache Subversion from 1.6.0 before 1.6.21 and from 1.7.0 before 1.7.9 in VisualSVN Server Check the version of Apache Subversion in VisualSVN Server Check if Apache Subversion version is greater than or equals to 1.6.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.6.21 in VisualSVN Server AND Check the version of Apache Subversion in VisualSVN Server Check if Apache Subversion version is greater than or equals to 1.7.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.7.9 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:18986

Oval ID:	oval:org.mitre.oval:def:18986
Title:	Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server (CVE-2013-1968)
Description:	Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-1968	Version:	5
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed Check the version of Apache Subversion from 1.6.0 before 1.6.23 and from 1.7.0 before 1.7.10 in VisualSVN Server Check the version of Apache Subversion in VisualSVN Server Check if Apache Subversion version is greater than or equals to 1.6.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.6.23 in VisualSVN Server AND Check the version of Apache Subversion in VisualSVN Server Check if Apache Subversion version is greater than or equals to 1.7.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.7.10 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:18999

Oval ID:	oval:org.mitre.oval:def:18999
Title:	Apache Subversion vulnerability 1.5.x and 1.6.x before 1.6.17 in VisualSVN Server (CVE-2011-1921)
Description:	The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1921	Version:	5
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed AND Check if Apache Subversion version is greater than or equals to 1.5.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.6.17 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:19057

Oval ID:	oval:org.mitre.oval:def:19057
Title:	Apache Subversion vulnerability 1.6.0 before 1.6.23 and 1.7.x before 1.7.10 in VisualSVN Server (CVE-2013-2112)
Description:	The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-2112	Version:	5
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed Check the version of Apache Subversion from 1.6.0 before 1.6.23 and from 1.7.0 before 1.7.10 in VisualSVN Server Check the version of Apache Subversion in VisualSVN Server Check if Apache Subversion version is greater than or equals to 1.6.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.6.23 in VisualSVN Server AND Check the version of Apache Subversion in VisualSVN Server Check if Apache Subversion version is greater than or equals to 1.7.0 in VisualSVN Server AND Check if Apache Subversion version is less than 1.7.10 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:20905

Oval ID:	oval:org.mitre.oval:def:20905
Title:	RHSA-2013:0737: subversion security update (Moderate)
Description:	The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:0737-01 CESA-2013:0737 CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849	Version:	59
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6	Product(s):	subversion
Definition Synopsis:
Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND CentOS Linux 6.x Packages section subversion-ruby is earlier than 0:1.6.11-9.el6_4 AND subversion-kde is earlier than 0:1.6.11-9.el6_4 AND subversion-svn2cl is earlier than 0:1.6.11-9.el6_4 AND subversion-javahl is earlier than 0:1.6.11-9.el6_4 AND mod_dav_svn is earlier than 0:1.6.11-9.el6_4 AND subversion-devel is earlier than 0:1.6.11-9.el6_4 AND subversion-gnome is earlier than 0:1.6.11-9.el6_4 AND subversion-perl is earlier than 0:1.6.11-9.el6_4 AND subversion is earlier than 0:1.6.11-9.el6_4 AND Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x Packages section subversion-ruby is earlier than 0:1.6.11-11.el5_9 AND subversion-devel is earlier than 0:1.6.11-11.el5_9 AND subversion-javahl is earlier than 0:1.6.11-11.el5_9 AND mod_dav_svn is earlier than 0:1.6.11-11.el5_9 AND subversion-perl is earlier than 0:1.6.11-11.el5_9 AND subversion is earlier than 0:1.6.11-11.el5_9

Definition Id: oval:org.mitre.oval:def:21285

Oval ID:	oval:org.mitre.oval:def:21285
Title:	RHSA-2011:0327: subversion security and bug fix update (Moderate)
Description:	The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
Family:	unix	Class:	patch
Reference(s):	RHSA-2011:0327-01 CESA-2011:0327 CVE-2011-0715	Version:	4
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	subversion
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section subversion-devel is earlier than 0:1.6.11-7.el5_6.3 AND subversion is earlier than 0:1.6.11-7.el5_6.3 AND subversion-perl is earlier than 0:1.6.11-7.el5_6.3 AND subversion-ruby is earlier than 0:1.6.11-7.el5_6.3 AND subversion-javahl is earlier than 0:1.6.11-7.el5_6.3 AND mod_dav_svn is earlier than 0:1.6.11-7.el5_6.3

Definition Id: oval:org.mitre.oval:def:21301

Oval ID:	oval:org.mitre.oval:def:21301
Title:	RHSA-2011:0862: subversion security update (Moderate)
Description:	The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
Family:	unix	Class:	patch
Reference(s):	RHSA-2011:0862-01 CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 CESA-2011:0862-CentOS 5	Version:	44
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	subversion
Definition Synopsis:
Red Hat Enterprise Linux 5 and CentOS Linux 5 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section mod_dav_svn is earlier than 0:1.6.11-7.el5_6.4 AND subversion is earlier than 0:1.6.11-7.el5_6.4 AND subversion-devel is earlier than 0:1.6.11-7.el5_6.4 AND subversion-javahl is earlier than 0:1.6.11-7.el5_6.4 AND subversion-perl is earlier than 0:1.6.11-7.el5_6.4 AND subversion-ruby is earlier than 0:1.6.11-7.el5_6.4 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages match section mod_dav_svn is earlier than 0:1.6.11-2.el6_1.4 AND subversion is earlier than 0:1.6.11-2.el6_1.4 AND subversion-debuginfo is earlier than 0:1.6.11-2.el6_1.4 AND subversion-devel is earlier than 0:1.6.11-2.el6_1.4 AND subversion-gnome is earlier than 0:1.6.11-2.el6_1.4 AND subversion-javahl is earlier than 0:1.6.11-2.el6_1.4 AND subversion-kde is earlier than 0:1.6.11-2.el6_1.4 AND subversion-perl is earlier than 0:1.6.11-2.el6_1.4 AND subversion-ruby is earlier than 0:1.6.11-2.el6_1.4 AND subversion-svn2cl is earlier than 0:1.6.11-2.el6_1.4

Definition Id: oval:org.mitre.oval:def:21566

Oval ID:	oval:org.mitre.oval:def:21566
Title:	RHSA-2011:0328: subversion security update (Moderate)
Description:	The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
Family:	unix	Class:	patch
Reference(s):	RHSA-2011:0328-01 CVE-2011-0715	Version:	4
Platform(s):	Red Hat Enterprise Linux 6	Product(s):	subversion
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section subversion-ruby is earlier than 0:1.6.11-2.el6_0.3 AND subversion-kde is earlier than 0:1.6.11-2.el6_0.3 AND subversion-svn2cl is earlier than 0:1.6.11-2.el6_0.3 AND subversion-javahl is earlier than 0:1.6.11-2.el6_0.3 AND mod_dav_svn is earlier than 0:1.6.11-2.el6_0.3 AND subversion-devel is earlier than 0:1.6.11-2.el6_0.3 AND subversion-gnome is earlier than 0:1.6.11-2.el6_0.3 AND subversion-perl is earlier than 0:1.6.11-2.el6_0.3 AND subversion is earlier than 0:1.6.11-2.el6_0.3

Definition Id: oval:org.mitre.oval:def:21698

Oval ID:	oval:org.mitre.oval:def:21698
Title:	RHSA-2011:0258: subversion security update (Moderate)
Description:	Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
Family:	unix	Class:	patch
Reference(s):	RHSA-2011:0258-01 CVE-2010-3315 CVE-2010-4539 CVE-2010-4644	Version:	42
Platform(s):	Red Hat Enterprise Linux 6	Product(s):	subversion
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section subversion-ruby is earlier than 0:1.6.11-2.el6_0.2 AND subversion-kde is earlier than 0:1.6.11-2.el6_0.2 AND subversion-svn2cl is earlier than 0:1.6.11-2.el6_0.2 AND subversion-javahl is earlier than 0:1.6.11-2.el6_0.2 AND subversion-devel is earlier than 0:1.6.11-2.el6_0.2 AND mod_dav_svn is earlier than 0:1.6.11-2.el6_0.2 AND subversion-gnome is earlier than 0:1.6.11-2.el6_0.2 AND subversion-perl is earlier than 0:1.6.11-2.el6_0.2 AND subversion is earlier than 0:1.6.11-2.el6_0.2

Definition Id: oval:org.mitre.oval:def:21915

Oval ID:	oval:org.mitre.oval:def:21915
Title:	RHSA-2011:0257: subversion security update (Moderate)
Description:	Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
Family:	unix	Class:	patch
Reference(s):	RHSA-2011:0257-01 CESA-2011:0257 CVE-2010-4539 CVE-2010-4644	Version:	29
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	subversion
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section subversion-devel is earlier than 0:1.6.11-7.el5_6.1 AND subversion is earlier than 0:1.6.11-7.el5_6.1 AND subversion-perl is earlier than 0:1.6.11-7.el5_6.1 AND subversion-ruby is earlier than 0:1.6.11-7.el5_6.1 AND subversion-javahl is earlier than 0:1.6.11-7.el5_6.1 AND mod_dav_svn is earlier than 0:1.6.11-7.el5_6.1

Definition Id: oval:org.mitre.oval:def:22742

Oval ID:	oval:org.mitre.oval:def:22742
Title:	ELSA-2011:0862: subversion security update (Moderate)
Description:	The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
Family:	unix	Class:	patch
Reference(s):	ELSA-2011:0862-01 CVE-2011-1752 CVE-2011-1783 CVE-2011-1921	Version:	17
Platform(s):	Oracle Linux 6	Product(s):	subversion
Definition Synopsis:
Oracle Linux 6.x rpm test subversion-ruby is earlier than 0:1.6.11-2.el6_1.4 AND subversion-kde is earlier than 0:1.6.11-2.el6_1.4 AND subversion-svn2cl is earlier than 0:1.6.11-2.el6_1.4 AND subversion-javahl is earlier than 0:1.6.11-2.el6_1.4 AND mod_dav_svn is earlier than 0:1.6.11-2.el6_1.4 AND subversion-devel is earlier than 0:1.6.11-2.el6_1.4 AND subversion-perl is earlier than 0:1.6.11-2.el6_1.4 AND subversion-gnome is earlier than 0:1.6.11-2.el6_1.4 AND subversion is earlier than 0:1.6.11-2.el6_1.4

Definition Id: oval:org.mitre.oval:def:22966

Oval ID:	oval:org.mitre.oval:def:22966
Title:	DEPRECATED: ELSA-2013:0737: subversion security update (Moderate)
Description:	The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0737-01 CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849	Version:	22
Platform(s):	Oracle Linux 6 Oracle Linux 5	Product(s):	subversion
Definition Synopsis:
rpm test Oracle Linux 6.x AND rpm test subversion-ruby is earlier than 0:1.6.11-9.el6_4 AND subversion-kde is earlier than 0:1.6.11-9.el6_4 AND subversion-svn2cl is earlier than 0:1.6.11-9.el6_4 AND subversion-javahl is earlier than 0:1.6.11-9.el6_4 AND mod_dav_svn is earlier than 0:1.6.11-9.el6_4 AND subversion-devel is earlier than 0:1.6.11-9.el6_4 AND subversion-gnome is earlier than 0:1.6.11-9.el6_4 AND subversion-perl is earlier than 0:1.6.11-9.el6_4 AND subversion is earlier than 0:1.6.11-9.el6_4 OR rpm test Oracle Linux 5.x AND rpm test subversion-ruby is earlier than 0:1.6.11-11.el5_9 AND subversion-devel is earlier than 0:1.6.11-11.el5_9 AND subversion-javahl is earlier than 0:1.6.11-11.el5_9 AND mod_dav_svn is earlier than 0:1.6.11-11.el5_9 AND subversion-perl is earlier than 0:1.6.11-11.el5_9 AND subversion is earlier than 0:1.6.11-11.el5_9

Definition Id: oval:org.mitre.oval:def:23029

Oval ID:	oval:org.mitre.oval:def:23029
Title:	ELSA-2011:0257: subversion security update (Moderate)
Description:	Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
Family:	unix	Class:	patch
Reference(s):	ELSA-2011:0257-01 CVE-2010-4539 CVE-2010-4644	Version:	13
Platform(s):	Oracle Linux 5	Product(s):	subversion
Definition Synopsis:
Oracle Linux 5.x rpm test subversion-devel is earlier than 0:1.6.11-7.el5_6.1 AND subversion is earlier than 0:1.6.11-7.el5_6.1 AND subversion-perl is earlier than 0:1.6.11-7.el5_6.1 AND subversion-ruby is earlier than 0:1.6.11-7.el5_6.1 AND subversion-javahl is earlier than 0:1.6.11-7.el5_6.1 AND mod_dav_svn is earlier than 0:1.6.11-7.el5_6.1

Definition Id: oval:org.mitre.oval:def:23126

Oval ID:	oval:org.mitre.oval:def:23126
Title:	ELSA-2011:0327: subversion security and bug fix update (Moderate)
Description:	The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
Family:	unix	Class:	patch
Reference(s):	ELSA-2011:0327-01 CVE-2011-0715	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	subversion
Definition Synopsis:
Oracle Linux 5.x rpm test subversion-devel is earlier than 0:1.6.11-7.el5_6.3 AND subversion is earlier than 0:1.6.11-7.el5_6.3 AND subversion-perl is earlier than 0:1.6.11-7.el5_6.3 AND subversion-ruby is earlier than 0:1.6.11-7.el5_6.3 AND subversion-javahl is earlier than 0:1.6.11-7.el5_6.3 AND mod_dav_svn is earlier than 0:1.6.11-7.el5_6.3

Definition Id: oval:org.mitre.oval:def:23583

Oval ID:	oval:org.mitre.oval:def:23583
Title:	ELSA-2011:0258: subversion security update (Moderate)
Description:	Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
Family:	unix	Class:	patch
Reference(s):	ELSA-2011:0258-01 CVE-2010-3315 CVE-2010-4539 CVE-2010-4644	Version:	17
Platform(s):	Oracle Linux 6	Product(s):	subversion
Definition Synopsis:
Oracle Linux 6.x rpm test subversion-ruby is earlier than 0:1.6.11-2.el6_0.2 AND subversion-kde is earlier than 0:1.6.11-2.el6_0.2 AND subversion-svn2cl is earlier than 0:1.6.11-2.el6_0.2 AND subversion-javahl is earlier than 0:1.6.11-2.el6_0.2 AND subversion-devel is earlier than 0:1.6.11-2.el6_0.2 AND mod_dav_svn is earlier than 0:1.6.11-2.el6_0.2 AND subversion-gnome is earlier than 0:1.6.11-2.el6_0.2 AND subversion-perl is earlier than 0:1.6.11-2.el6_0.2 AND subversion is earlier than 0:1.6.11-2.el6_0.2

Definition Id: oval:org.mitre.oval:def:23627

Oval ID:	oval:org.mitre.oval:def:23627
Title:	ELSA-2011:0328: subversion security update (Moderate)
Description:	The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
Family:	unix	Class:	patch
Reference(s):	ELSA-2011:0328-01 CVE-2011-0715	Version:	6
Platform(s):	Oracle Linux 6	Product(s):	subversion
Definition Synopsis:
Oracle Linux 6.x rpm test subversion-ruby is earlier than 0:1.6.11-2.el6_0.3 AND subversion-kde is earlier than 0:1.6.11-2.el6_0.3 AND subversion-svn2cl is earlier than 0:1.6.11-2.el6_0.3 AND subversion-javahl is earlier than 0:1.6.11-2.el6_0.3 AND mod_dav_svn is earlier than 0:1.6.11-2.el6_0.3 AND subversion-devel is earlier than 0:1.6.11-2.el6_0.3 AND subversion-gnome is earlier than 0:1.6.11-2.el6_0.3 AND subversion-perl is earlier than 0:1.6.11-2.el6_0.3 AND subversion is earlier than 0:1.6.11-2.el6_0.3

Definition Id: oval:org.mitre.oval:def:23879

Oval ID:	oval:org.mitre.oval:def:23879
Title:	ELSA-2013:0737: subversion security update (Moderate)
Description:	The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0737-01 CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849	Version:	21
Platform(s):	Oracle Linux 6 Oracle Linux 5	Product(s):	subversion
Definition Synopsis:
rpm test Oracle Linux 6.x AND rpm test subversion-ruby is earlier than 0:1.6.11-9.el6_4 AND subversion-kde is earlier than 0:1.6.11-9.el6_4 AND subversion-svn2cl is earlier than 0:1.6.11-9.el6_4 AND subversion-javahl is earlier than 0:1.6.11-9.el6_4 AND mod_dav_svn is earlier than 0:1.6.11-9.el6_4 AND subversion-devel is earlier than 0:1.6.11-9.el6_4 AND subversion-gnome is earlier than 0:1.6.11-9.el6_4 AND subversion-perl is earlier than 0:1.6.11-9.el6_4 AND subversion is earlier than 0:1.6.11-9.el6_4 OR rpm test Oracle Linux 5.x AND rpm test subversion-ruby is earlier than 0:1.6.11-11.el5_9 AND subversion-devel is earlier than 0:1.6.11-11.el5_9 AND subversion-javahl is earlier than 0:1.6.11-11.el5_9 AND mod_dav_svn is earlier than 0:1.6.11-11.el5_9 AND subversion-perl is earlier than 0:1.6.11-11.el5_9 AND subversion is earlier than 0:1.6.11-11.el5_9

Definition Id: oval:org.mitre.oval:def:25870

Oval ID:	oval:org.mitre.oval:def:25870
Title:	SUSE-SU-2013:1217-1 -- Security update for subversion
Description:	This update of subversion fixes two potential DoS vulnerabilities (bug#821505, CVE-2013-1968, CVE-2013-2112). * Server-side bugfixes: o fix FSFS repository corruption due to newline in filename (issue #4340) o fix svnserve exiting when a client connection is aborted (r1482759) * Other tool improvements and bugfixes: o fix argument processing in contrib hook scripts (r1485350) Security Issues: * CVE-2013-1968 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1968 > * CVE-2013-2112 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2112 >
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:1217-1 CVE-2013-1968 CVE-2013-2112	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 10	Product(s):	subversion
Definition Synopsis:
SUSE Linux Enterprise Desktop 10 is installed Packages match section subversion RPM is earlier than 0:1.3.1-1.24.1 AND subversion-devel RPM is earlier than 0:1.3.1-1.24.1

Definition Id: oval:org.mitre.oval:def:25981

Oval ID:	oval:org.mitre.oval:def:25981
Title:	SUSE-SU-2013:0837-1 -- Security update for subversion
Description:	This update fixes several DoS vulnerabilities in subversion's mod_dav_svn Apache HTTPD server module.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0837-1 CVE-2013-1849 CVE-2013-1846 CVE-2013-1845	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 10	Product(s):	subversion
Definition Synopsis:
SUSE Linux Enterprise Desktop 10 is installed Packages match section subversion RPM is earlier than 0:1.3.1-1.22.1 AND subversion-devel RPM is earlier than 0:1.3.1-1.22.1

Definition Id: oval:org.mitre.oval:def:27213

Oval ID:	oval:org.mitre.oval:def:27213
Title:	DEPRECATED: ELSA-2011-0257 -- subversion security update (moderate)
Description:	[1.6.11-7.1] - add security fixes for CVE-2010-4644, CVE-2010-4539 (#672676)
Family:	unix	Class:	patch
Reference(s):	ELSA-2011-0257 CVE-2010-4539 CVE-2010-4644	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	subversion
Definition Synopsis:
Oracle Linux 5.x Packages match section subversion is earlier than 0:1.6.11-7.el5_6.1 AND mod_dav_svn is earlier than 0:1.6.11-7.el5_6.1 AND subversion-devel is earlier than 0:1.6.11-7.el5_6.1 AND subversion-javahl is earlier than 0:1.6.11-7.el5_6.1 AND subversion-perl is earlier than 0:1.6.11-7.el5_6.1 AND subversion-ruby is earlier than 0:1.6.11-7.el5_6.1

Definition Id: oval:org.mitre.oval:def:27299

Oval ID:	oval:org.mitre.oval:def:27299
Title:	DEPRECATED: ELSA-2013-0737 -- subversion security update (moderate)
Description:	[1.6.11-9] - add security fixes for CVE-2013-1846, CVE-2013-1847, CVE-2013-1849 (#947372) [1.6.11-8] - add security fix for CVE-2013-1845 (#947372)
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0737 CVE-2013-1849 CVE-2013-1845 CVE-2013-1847 CVE-2013-1846	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	subversion
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section subversion is earlier than 0:1.6.11-11.el5_9 AND mod_dav_svn is earlier than 0:1.6.11-11.el5_9 AND subversion-devel is earlier than 0:1.6.11-11.el5_9 AND subversion-javahl is earlier than 0:1.6.11-11.el5_9 AND subversion-perl is earlier than 0:1.6.11-11.el5_9 AND subversion-ruby is earlier than 0:1.6.11-11.el5_9 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section subversion is earlier than 0:1.6.11-9.el6_4 AND mod_dav_svn is earlier than 0:1.6.11-9.el6_4 AND subversion-devel is earlier than 0:1.6.11-9.el6_4 AND subversion-gnome is earlier than 0:1.6.11-9.el6_4 AND subversion-javahl is earlier than 0:1.6.11-9.el6_4 AND subversion-kde is earlier than 0:1.6.11-9.el6_4 AND subversion-perl is earlier than 0:1.6.11-9.el6_4 AND subversion-ruby is earlier than 0:1.6.11-9.el6_4 AND subversion-svn2cl is earlier than 0:1.6.11-9.el6_4

Definition Id: oval:org.mitre.oval:def:27943

Oval ID:	oval:org.mitre.oval:def:27943
Title:	DEPRECATED: ELSA-2011-0328 -- subversion security update (moderate)
Description:	[1.6.11-2.3] - add security fix for CVE-2011-0715 (#681173)
Family:	unix	Class:	patch
Reference(s):	ELSA-2011-0328 CVE-2011-0715	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	subversion
Definition Synopsis:
Oracle Linux 6.x Packages match section subversion is earlier than 0:1.6.11-2.el6_0.3 AND mod_dav_svn is earlier than 0:1.6.11-2.el6_0.3 AND subversion-devel is earlier than 0:1.6.11-2.el6_0.3 AND subversion-gnome is earlier than 0:1.6.11-2.el6_0.3 AND subversion-javahl is earlier than 0:1.6.11-2.el6_0.3 AND subversion-kde is earlier than 0:1.6.11-2.el6_0.3 AND subversion-perl is earlier than 0:1.6.11-2.el6_0.3 AND subversion-ruby is earlier than 0:1.6.11-2.el6_0.3 AND subversion-svn2cl is earlier than 0:1.6.11-2.el6_0.3

Definition Id: oval:org.mitre.oval:def:28144

Oval ID:	oval:org.mitre.oval:def:28144
Title:	DEPRECATED: ELSA-2011-0862 -- subversion security update (moderate)
Description:	[1.6.11-2.4] - add security fixes for CVE-2011-1752, CVE-2011-1783, CVE-2011-1921 (#709220)
Family:	unix	Class:	patch
Reference(s):	ELSA-2011-0862 CVE-2011-1752 CVE-2011-1783 CVE-2011-1921	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	subversion
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section subversion is earlier than 0:1.6.11-7.el5_6.4 AND mod_dav_svn is earlier than 0:1.6.11-7.el5_6.4 AND subversion-devel is earlier than 0:1.6.11-7.el5_6.4 AND subversion-javahl is earlier than 0:1.6.11-7.el5_6.4 AND subversion-perl is earlier than 0:1.6.11-7.el5_6.4 AND subversion-ruby is earlier than 0:1.6.11-7.el5_6.4 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section subversion is earlier than 0:1.6.11-2.el6_1.4 AND mod_dav_svn is earlier than 0:1.6.11-2.el6_1.4 AND subversion-devel is earlier than 0:1.6.11-2.el6_1.4 AND subversion-gnome is earlier than 0:1.6.11-2.el6_1.4 AND subversion-javahl is earlier than 0:1.6.11-2.el6_1.4 AND subversion-kde is earlier than 0:1.6.11-2.el6_1.4 AND subversion-perl is earlier than 0:1.6.11-2.el6_1.4 AND subversion-ruby is earlier than 0:1.6.11-2.el6_1.4 AND subversion-svn2cl is earlier than 0:1.6.11-2.el6_1.4

Definition Id: oval:org.mitre.oval:def:28163

Oval ID:	oval:org.mitre.oval:def:28163
Title:	DEPRECATED: ELSA-2011-0327 -- subversion security and bug fix update (moderate)
Description:	[1.6.11-7.3] - add fix for svnadmin hotcopy (#681522) [1.6.11-7.2] - add security fix for CVE-2011-0715 (#681171)
Family:	unix	Class:	patch
Reference(s):	ELSA-2011-0327 CVE-2011-0715	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	subversion
Definition Synopsis:
Oracle Linux 5.x Packages match section subversion is earlier than 0:1.6.11-7.el5_6.3 AND mod_dav_svn is earlier than 0:1.6.11-7.el5_6.3 AND subversion-devel is earlier than 0:1.6.11-7.el5_6.3 AND subversion-javahl is earlier than 0:1.6.11-7.el5_6.3 AND subversion-perl is earlier than 0:1.6.11-7.el5_6.3 AND subversion-ruby is earlier than 0:1.6.11-7.el5_6.3

Definition Id: oval:org.mitre.oval:def:28181

Oval ID:	oval:org.mitre.oval:def:28181
Title:	DEPRECATED: ELSA-2011-0258 -- subversion security update (moderate)
Description:	[1.6.11-2.2] - add security fixes for CVE-2010-4644, CVE-2010-4539 (#672678) [1.6.11-2.1] - add security fix for CVE-2010-3315 (#640322)
Family:	unix	Class:	patch
Reference(s):	ELSA-2011-0258 CVE-2010-3315 CVE-2010-4539 CVE-2010-4644	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	subversion
Definition Synopsis:
Oracle Linux 6.x Packages match section subversion is earlier than 0:1.6.11-2.el6_0.2 AND mod_dav_svn is earlier than 0:1.6.11-2.el6_0.2 AND subversion-devel is earlier than 0:1.6.11-2.el6_0.2 AND subversion-gnome is earlier than 0:1.6.11-2.el6_0.2 AND subversion-javahl is earlier than 0:1.6.11-2.el6_0.2 AND subversion-kde is earlier than 0:1.6.11-2.el6_0.2 AND subversion-perl is earlier than 0:1.6.11-2.el6_0.2 AND subversion-ruby is earlier than 0:1.6.11-2.el6_0.2 AND subversion-svn2cl is earlier than 0:1.6.11-2.el6_0.2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apache Subversion cpe:2.3:a:apache:subversion:1.8.1:::::::* cpe:2.3:a:apache:subversion:1.8.0:::::::* cpe:2.3:a:apache:subversion:1.7.9:::::::* cpe:2.3:a:apache:subversion:1.7.8:::::::* cpe:2.3:a:apache:subversion:1.7.7:::::::* cpe:2.3:a:apache:subversion:1.7.6:::::::* cpe:2.3:a:apache:subversion:1.7.5:::::::* cpe:2.3:a:apache:subversion:1.7.4:::::::* cpe:2.3:a:apache:subversion:1.7.3:::::::* cpe:2.3:a:apache:subversion:1.7.2:::::::* cpe:2.3:a:apache:subversion:1.7.12:::::::* cpe:2.3:a:apache:subversion:1.7.11:::::::* cpe:2.3:a:apache:subversion:1.7.10:::::::* cpe:2.3:a:apache:subversion:1.7.1:::::::* cpe:2.3:a:apache:subversion:1.7.0:::::::* cpe:2.3:a:apache:subversion:1.6.9:::::::* cpe:2.3:a:apache:subversion:1.6.8:::::::* cpe:2.3:a:apache:subversion:1.6.7:::::::* cpe:2.3:a:apache:subversion:1.6.6:::::::* cpe:2.3:a:apache:subversion:1.6.5:::::::* cpe:2.3:a:apache:subversion:1.6.4:::::::* cpe:2.3:a:apache:subversion:1.6.3:::::::* cpe:2.3:a:apache:subversion:1.6.23:::::::* cpe:2.3:a:apache:subversion:1.6.21:::::::* cpe:2.3:a:apache:subversion:1.6.20:::::::* cpe:2.3:a:apache:subversion:1.6.2:::::::* cpe:2.3:a:apache:subversion:1.6.19:::::::* cpe:2.3:a:apache:subversion:1.6.18:::::::* cpe:2.3:a:apache:subversion:1.6.17:::::::* cpe:2.3:a:apache:subversion:1.6.16:::::::* cpe:2.3:a:apache:subversion:1.6.15:::::::* cpe:2.3:a:apache:subversion:1.6.14:::::::* cpe:2.3:a:apache:subversion:1.6.13:::::::* cpe:2.3:a:apache:subversion:1.6.12:::::::* cpe:2.3:a:apache:subversion:1.6.11:::::::* cpe:2.3:a:apache:subversion:1.6.10:::::::* cpe:2.3:a:apache:subversion:1.6.1:::::::* cpe:2.3:a:apache:subversion:1.6.0:::::::* cpe:2.3:a:apache:subversion:1.5.8:::::::* cpe:2.3:a:apache:subversion:1.5.7:::::::* cpe:2.3:a:apache:subversion:1.5.6:::::::* cpe:2.3:a:apache:subversion:1.5.5:::::::* cpe:2.3:a:apache:subversion:1.5.4:::::::* cpe:2.3:a:apache:subversion:1.5.3:::::::* cpe:2.3:a:apache:subversion:1.5.2:::::::* cpe:2.3:a:apache:subversion:1.5.1:::::::* cpe:2.3:a:apache:subversion:1.5.0:::::::* cpe:2.3:a:apache:subversion:1.4.6:::::::* cpe:2.3:a:apache:subversion:1.4.5:::::::* cpe:2.3:a:apache:subversion:1.4.4:::::::* cpe:2.3:a:apache:subversion:1.4.3:::::::* cpe:2.3:a:apache:subversion:1.4.2:::::::* cpe:2.3:a:apache:subversion:1.4.1:::::::* cpe:2.3:a:apache:subversion:1.4.0:::::::* cpe:2.3:a:apache:subversion:1.3.2:::::::* cpe:2.3:a:apache:subversion:1.3.1:::::::* cpe:2.3:a:apache:subversion:1.3.0:::::::* cpe:2.3:a:apache:subversion:1.2.3:::::::* cpe:2.3:a:apache:subversion:1.2.2:::::::* cpe:2.3:a:apache:subversion:1.2.1:::::::* cpe:2.3:a:apache:subversion:1.2.0:::::::* cpe:2.3:a:apache:subversion:1.1.4:::::::* cpe:2.3:a:apache:subversion:1.1.3:::::::* cpe:2.3:a:apache:subversion:1.1.2:::::::* cpe:2.3:a:apache:subversion:1.1.1:::::::* cpe:2.3:a:apache:subversion:1.1.0:::::::* cpe:2.3:a:apache:subversion:1.0.9:::::::* cpe:2.3:a:apache:subversion:1.0.8:::::::* cpe:2.3:a:apache:subversion:1.0.7:::::::* cpe:2.3:a:apache:subversion:1.0.6:::::::* cpe:2.3:a:apache:subversion:1.0.5:::::::* cpe:2.3:a:apache:subversion:1.0.4:::::::* cpe:2.3:a:apache:subversion:1.0.3:::::::* cpe:2.3:a:apache:subversion:1.0.2:::::::* cpe:2.3:a:apache:subversion:1.0.1:::::::* cpe:2.3:a:apache:subversion:1.0.0:::::::* cpe:2.3:a:apache:subversion:0.9:::::::* cpe:2.3:a:apache:subversion:0.8:::::::* cpe:2.3:a:apache:subversion:0.7:::::::* cpe:2.3:a:apache:subversion:0.6:::::::* cpe:2.3:a:apache:subversion:0.37.0:::::::* cpe:2.3:a:apache:subversion:0.36.0:::::::* cpe:2.3:a:apache:subversion:0.35.1:::::::* cpe:2.3:a:apache:subversion:0.35.0:::::::* cpe:2.3:a:apache:subversion:0.34.0:::::::* cpe:2.3:a:apache:subversion:0.33.1:::::::* cpe:2.3:a:apache:subversion:0.33.0:::::::* cpe:2.3:a:apache:subversion:0.32.1:::::::* cpe:2.3:a:apache:subversion:0.31.0:::::::* cpe:2.3:a:apache:subversion:0.30.0:::::::* cpe:2.3:a:apache:subversion:0.29.0:::::::* cpe:2.3:a:apache:subversion:0.28.2:::::::* cpe:2.3:a:apache:subversion:0.28.1:::::::* cpe:2.3:a:apache:subversion:0.28.0:::::::* cpe:2.3:a:apache:subversion:0.27.0:::::::* cpe:2.3:a:apache:subversion:0.26.0:::::::* cpe:2.3:a:apache:subversion:0.25.0:::::::* cpe:2.3:a:apache:subversion:0.24.2:::::::* cpe:2.3:a:apache:subversion:0.24.1:::::::* cpe:2.3:a:apache:subversion:0.24.0:::::::* cpe:2.3:a:apache:subversion:0.23.0:::::::* cpe:2.3:a:apache:subversion:0.22.2:::::::* cpe:2.3:a:apache:subversion:0.22.1:::::::* cpe:2.3:a:apache:subversion:0.22.0:::::::* cpe:2.3:a:apache:subversion:0.21.0:::::::* cpe:2.3:a:apache:subversion:0.20.1:::::::* cpe:2.3:a:apache:subversion:0.20.0:::::::* cpe:2.3:a:apache:subversion:0.19.1:::::::* cpe:2.3:a:apache:subversion:0.19.0:::::::* cpe:2.3:a:apache:subversion:0.18.1:::::::* cpe:2.3:a:apache:subversion:0.18.0:::::::* cpe:2.3:a:apache:subversion:0.17.1:::::::* cpe:2.3:a:apache:subversion:0.17.0:::::::* cpe:2.3:a:apache:subversion:0.16.1:::::::* cpe:2.3:a:apache:subversion:0.16:::::::* cpe:2.3:a:apache:subversion:0.15:::::::* cpe:2.3:a:apache:subversion:0.14.5:::::::* cpe:2.3:a:apache:subversion:0.14.4:::::::* cpe:2.3:a:apache:subversion:0.14.3:::::::* cpe:2.3:a:apache:subversion:0.14.2:::::::* cpe:2.3:a:apache:subversion:0.14.1:::::::* cpe:2.3:a:apache:subversion:0.14.0:::::::* cpe:2.3:a:apache:subversion:0.13.2:::::::* cpe:2.3:a:apache:subversion:0.13.1:::::::* cpe:2.3:a:apache:subversion:0.13.0:::::::* cpe:2.3:a:apache:subversion:0.12.0:::::::* cpe:2.3:a:apache:subversion:0.11.1:::::::* cpe:2.3:a:apache:subversion:0.10.2:::::::* cpe:2.3:a:apache:subversion:0.10.1:::::::* cpe:2.3:a:apache:subversion:0.10.0:::::::* cpe:2.3:a:apache:subversion:m4/m5:::::::* cpe:2.3:a:apache:subversion:m3:::::::* cpe:2.3:a:apache:subversion:m2:::::::* cpe:2.3:a:apache:subversion:m1:::::::* cpe:2.3:a:apache:subversion::::::::	135
Application	Apple Mac Os X cpe:2.3:a:apple:mac_os_x:10.5.6:::::::* cpe:2.3:a:apple:mac_os_x::::::::	2
Application	Collabnet Subversion cpe:2.3:a:collabnet:subversion:1.6.17:::::::*	1
Os	Apple Mac Os X cpe:2.3:o:apple:mac_os_x:10.7.2:::::::* cpe:2.3:o:apple:mac_os_x:10.7.1:::::::* cpe:2.3:o:apple:mac_os_x:10.7.0:::::::* cpe:2.3:o:apple:mac_os_x:10.6.9:::::::* cpe:2.3:o:apple:mac_os_x:10.6.8:::::::* cpe:2.3:o:apple:mac_os_x:10.6.7:::::::* cpe:2.3:o:apple:mac_os_x:10.6.6:::::::* cpe:2.3:o:apple:mac_os_x:10.6.5:::::::* cpe:2.3:o:apple:mac_os_x:10.6.4:::::::* cpe:2.3:o:apple:mac_os_x:10.6.3:::::::* cpe:2.3:o:apple:mac_os_x:10.6.2:::::::* cpe:2.3:o:apple:mac_os_x:10.6.1:::::::* cpe:2.3:o:apple:mac_os_x:10.6.1::server::::: cpe:2.3:o:apple:mac_os_x:10.6.0:::::::* cpe:2.3:o:apple:mac_os_x:10.6:::::::* cpe:2.3:o:apple:mac_os_x:10.6:server:::::: cpe:2.3:o:apple:mac_os_x:10.5.8:::::::* cpe:2.3:o:apple:mac_os_x:10.5.8::server::::: cpe:2.3:o:apple:mac_os_x:10.5.7:::::::* cpe:2.3:o:apple:mac_os_x:10.5.6:::::::* cpe:2.3:o:apple:mac_os_x:10.5.5:::::::* cpe:2.3:o:apple:mac_os_x:10.5.4:::::::* cpe:2.3:o:apple:mac_os_x:10.5.3:::::::* cpe:2.3:o:apple:mac_os_x:10.5.2:::::::* cpe:2.3:o:apple:mac_os_x:10.5.2:2008-002:::::: cpe:2.3:o:apple:mac_os_x:10.5.1:::::::* cpe:2.3:o:apple:mac_os_x:10.5.0:::::::* cpe:2.3:o:apple:mac_os_x:10.5:::::::* cpe:2.3:o:apple:mac_os_x:10.4.9:::::::* cpe:2.3:o:apple:mac_os_x:10.4.8:::::::* cpe:2.3:o:apple:mac_os_x:10.4.8::macbook::::: cpe:2.3:o:apple:mac_os_x:10.4.8::mac_mini::::: cpe:2.3:o:apple:mac_os_x:10.4.8::macbook_pro::::: cpe:2.3:o:apple:mac_os_x:10.4.7:::::::* cpe:2.3:o:apple:mac_os_x:10.4.6:::::::* cpe:2.3:o:apple:mac_os_x:10.4.5:::::::* cpe:2.3:o:apple:mac_os_x:10.4.4:::::::* cpe:2.3:o:apple:mac_os_x:10.4.3:::::::* cpe:2.3:o:apple:mac_os_x:10.4.2:::::::* cpe:2.3:o:apple:mac_os_x:10.4.11:::::::* cpe:2.3:o:apple:mac_os_x:10.4.10:::::::* cpe:2.3:o:apple:mac_os_x:10.4.1:::::::* cpe:2.3:o:apple:mac_os_x:10.4.0:::::::* cpe:2.3:o:apple:mac_os_x:10.4.:::::::* cpe:2.3:o:apple:mac_os_x:10.4:::::::* cpe:2.3:o:apple:mac_os_x:10.3.9:::::::* cpe:2.3:o:apple:mac_os_x:10.3.8:::::::* cpe:2.3:o:apple:mac_os_x:10.3.7:::::::* cpe:2.3:o:apple:mac_os_x:10.3.6:::::::* cpe:2.3:o:apple:mac_os_x:10.3.5:::::::* cpe:2.3:o:apple:mac_os_x:10.3.4:::::::* cpe:2.3:o:apple:mac_os_x:10.3.3:::::::* cpe:2.3:o:apple:mac_os_x:10.3.2:::::::* cpe:2.3:o:apple:mac_os_x:10.3.1:::::::* cpe:2.3:o:apple:mac_os_x:10.3.0:::::::* cpe:2.3:o:apple:mac_os_x:10.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.8:::::::* cpe:2.3:o:apple:mac_os_x:10.2.7:::::::* cpe:2.3:o:apple:mac_os_x:10.2.6:::::::* cpe:2.3:o:apple:mac_os_x:10.2.5:::::::* cpe:2.3:o:apple:mac_os_x:10.2.4:::::::* cpe:2.3:o:apple:mac_os_x:10.2.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.2:::::::* cpe:2.3:o:apple:mac_os_x:10.2.1:::::::* cpe:2.3:o:apple:mac_os_x:10.2.0:::::::* cpe:2.3:o:apple:mac_os_x:10.2:::::::* cpe:2.3:o:apple:mac_os_x:10.1.5:::::::* cpe:2.3:o:apple:mac_os_x:10.1.4:::::::* cpe:2.3:o:apple:mac_os_x:10.1.3:::::::* cpe:2.3:o:apple:mac_os_x:10.1.2:::::::* cpe:2.3:o:apple:mac_os_x:10.1.1:::::::* cpe:2.3:o:apple:mac_os_x:10.1.0:::::::* cpe:2.3:o:apple:mac_os_x:10.1:::::::* cpe:2.3:o:apple:mac_os_x:10.0.4:::::::* cpe:2.3:o:apple:mac_os_x:10.0.3:::::::* cpe:2.3:o:apple:mac_os_x:10.0.2:::::::* cpe:2.3:o:apple:mac_os_x:10.0.1:::::::* cpe:2.3:o:apple:mac_os_x:10.0.0:::::::* cpe:2.3:o:apple:mac_os_x:10.0:::::::* cpe:2.3:o:apple:mac_os_x:::::::: cpe:2.3:o:apple:mac_os_x:-:::::::*	81
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::* cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::	6
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:6.0:::::::* cpe:2.3:o:debian:debian_linux:5.0:::::::*	2
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:15:::::::* cpe:2.3:o:fedoraproject:fedora:14:::::::*	2
Os	Opensuse cpe:2.3:o:opensuse:opensuse:12.3:::::::* cpe:2.3:o:opensuse:opensuse:12.2:::::::* cpe:2.3:o:opensuse:opensuse:12.1:::::::* cpe:2.3:o:opensuse:opensuse:11.4:::::::*	4

OpenVAS Exploits

Date	Description
2012-07-30	Name : CentOS Update for mod_dav_svn CESA-2011:0862 centos5 x86_64 File : nvt/gb_CESA-2011_0862_mod_dav_svn_centos5_x86_64.nasl
2012-07-30	Name : CentOS Update for mod_dav_svn CESA-2011:0861 centos4 x86_64 File : nvt/gb_CESA-2011_0861_mod_dav_svn_centos4_x86_64.nasl
2012-07-30	Name : CentOS Update for mod_dav_svn CESA-2011:0327 centos5 x86_64 File : nvt/gb_CESA-2011_0327_mod_dav_svn_centos5_x86_64.nasl
2012-07-30	Name : CentOS Update for mod_dav_svn CESA-2011:0257 centos5 x86_64 File : nvt/gb_CESA-2011_0257_mod_dav_svn_centos5_x86_64.nasl
2012-07-09	Name : RedHat Update for subversion RHSA-2011:0328-01 File : nvt/gb_RHSA-2011_0328-01_subversion.nasl
2012-06-05	Name : RedHat Update for subversion RHSA-2011:0258-01 File : nvt/gb_RHSA-2011_0258-01_subversion.nasl
2012-02-06	Name : Mac OS X Multiple Vulnerabilities (2012-001) File : nvt/gb_macosx_su12-001.nasl
2011-08-19	Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004) File : nvt/secpod_macosx_su11-004.nasl
2011-08-18	Name : CentOS Update for mod_dav_svn CESA-2011:0861 centos4 i386 File : nvt/gb_CESA-2011_0861_mod_dav_svn_centos4_i386.nasl
2011-08-09	Name : CentOS Update for mod_dav_svn CESA-2011:0327 centos5 i386 File : nvt/gb_CESA-2011_0327_mod_dav_svn_centos5_i386.nasl
2011-08-09	Name : CentOS Update for mod_dav_svn CESA-2011:0257 centos5 i386 File : nvt/gb_CESA-2011_0257_mod_dav_svn_centos5_i386.nasl
2011-08-09	Name : CentOS Update for mod_dav_svn CESA-2011:0862 centos5 i386 File : nvt/gb_CESA-2011_0862_mod_dav_svn_centos5_i386.nasl
2011-08-03	Name : FreeBSD Ports: subversion File : nvt/freebsd_subversion4.nasl
2011-08-03	Name : Debian Security Advisory DSA 2251-1 (subversion) File : nvt/deb_2251_1.nasl
2011-07-12	Name : Fedora Update for subversion FEDORA-2011-8352 File : nvt/gb_fedora_2011_8352_subversion_fc15.nasl
2011-07-08	Name : Fedora Update for subversion FEDORA-2011-8341 File : nvt/gb_fedora_2011_8341_subversion_fc14.nasl
2011-06-10	Name : Ubuntu Update for subversion USN-1144-1 File : nvt/gb_ubuntu_USN_1144_1.nasl
2011-06-10	Name : RedHat Update for subversion RHSA-2011:0861-01 File : nvt/gb_RHSA-2011_0861-01_subversion.nasl
2011-06-10	Name : RedHat Update for subversion RHSA-2011:0862-01 File : nvt/gb_RHSA-2011_0862-01_subversion.nasl
2011-06-06	Name : Mandriva Update for subversion MDVSA-2011:106 (subversion) File : nvt/gb_mandriva_MDVSA_2011_106.nasl
2011-04-11	Name : Mandriva Update for subversion MDVSA-2011:067 (subversion) File : nvt/gb_mandriva_MDVSA_2011_067.nasl
2011-04-01	Name : Ubuntu Update for subversion vulnerability USN-1096-1 File : nvt/gb_ubuntu_USN_1096_1.nasl
2011-03-24	Name : Fedora Update for subversion FEDORA-2011-2657 File : nvt/gb_fedora_2011_2657_subversion_fc14.nasl
2011-03-24	Name : Fedora Update for subversion FEDORA-2011-2698 File : nvt/gb_fedora_2011_2698_subversion_fc13.nasl
2011-03-15	Name : RedHat Update for subversion RHSA-2011:0327-01 File : nvt/gb_RHSA-2011_0327-01_subversion.nasl
2011-03-09	Name : Debian Security Advisory DSA 2181-1 (subversion) File : nvt/deb_2181_1.nasl
2011-03-09	Name : FreeBSD Ports: subversion File : nvt/freebsd_subversion3.nasl
2011-03-09	Name : Debian Security Advisory DSA 2182-1 (logwatch) File : nvt/deb_2182_1.nasl
2011-02-18	Name : RedHat Update for subversion RHSA-2011:0257-01 File : nvt/gb_RHSA-2011_0257-01_subversion.nasl
2011-02-04	Name : Ubuntu Update for subversion vulnerabilities USN-1053-1 File : nvt/gb_ubuntu_USN_1053_1.nasl
2011-01-24	Name : FreeBSD Ports: subversion File : nvt/freebsd_subversion2.nasl
2011-01-21	Name : Fedora Update for subversion FEDORA-2011-0099 File : nvt/gb_fedora_2011_0099_subversion_fc14.nasl
2011-01-21	Name : Mandriva Update for subversion MDVSA-2011:006 (subversion) File : nvt/gb_mandriva_MDVSA_2011_006.nasl
0000-00-00	Name : Slackware Advisory SSA:2011-070-01 subversion File : nvt/esoft_slk_ssa_2011_070_01.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
73247	Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
73246	Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
73245	Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
70964	Subversion mod_dav_svn Lock Token NULL Dereference DoS Subversion contains a NULL pointer dereference error in the 'mod_dav_svn' module when processing lock tokens that may be exploited via a crafted HTTP request to cause a remote denial of service.
70333	Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS Apache Subversion contains a flaw that may allow a remote denial of service. The issue is triggered when multiple memory leaks in 'rev_hunt.c' occur, allowing a remote authenticated attacker to cause a denial of service by memory consumption via the -g option to the blame command.
70332	Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNPare... Apache Subversion contains a flaw that may allow a remote denial of service. The issue is triggered when the 'walk' function in 'repos.c' in the 'mod_dav_svn' module allows a remote, authenticated attacker to cause a NULL pointer dereference denial of service via vectors that trigger the walking of SVNParentPath collections.

Nessus® Vulnerability Scanner

Date	Description
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1217-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-0837-1.nasl - Type : ACT_GATHER_INFO
2015-04-27	Name : The remote Debian host is missing a security update. File : debian_DLA-207.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_subversion_20140401.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-621.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-345.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-494.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-701.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_libsvn_auth_gnome_keyring-1-0-110119.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_libsvn_auth_gnome_keyring-1-0-110607.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_4_libsvn_auth_gnome_keyring-1-0-110309.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_4_libsvn_auth_gnome_keyring-1-0-110607.nasl - Type : ACT_GATHER_INFO
2014-03-07	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0255.nasl - Type : ACT_GATHER_INFO
2014-03-06	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140305_subversion_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-03-06	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0255.nasl - Type : ACT_GATHER_INFO
2014-03-06	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0255.nasl - Type : ACT_GATHER_INFO
2013-12-20	Name : The remote host has an application that is affected by multiple vulnerabilities. File : subversion_1_8_1.nasl - Type : ACT_GATHER_INFO
2013-12-20	Name : The remote host has an application that is affected by multiple symlink overw... File : subversion_1_8_3.nasl - Type : ACT_GATHER_INFO
2013-10-01	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-221.nasl - Type : ACT_GATHER_INFO
2013-09-24	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-11.nasl - Type : ACT_GATHER_INFO
2013-09-18	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-236.nasl - Type : ACT_GATHER_INFO
2013-09-10	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-251-01.nasl - Type : ACT_GATHER_INFO
2013-09-08	Name : The remote Fedora host is missing a security update. File : fedora_2013-15717.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-180.nasl - Type : ACT_GATHER_INFO
2013-09-03	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f8a913cc132211e38ffa20cf30e32f6d.nasl - Type : ACT_GATHER_INFO
2013-08-15	Name : The remote Fedora host is missing a security update. File : fedora_2013-13672.nasl - Type : ACT_GATHER_INFO
2013-08-07	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-209.nasl - Type : ACT_GATHER_INFO
2013-08-02	Name : The remote Fedora host is missing a security update. File : fedora_2013-13696.nasl - Type : ACT_GATHER_INFO
2013-07-25	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2ae24334f2e611e28346001e8c75030d.nasl - Type : ACT_GATHER_INFO
2013-07-18	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cvs2svn-8628.nasl - Type : ACT_GATHER_INFO
2013-07-17	Name : The remote host has an application that is affected by multiple denial of ser... File : subversion_1_6_23.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0737.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0862.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0861.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0327.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0258.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0257.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0328.nasl - Type : ACT_GATHER_INFO
2013-06-28	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1893-1.nasl - Type : ACT_GATHER_INFO
2013-06-14	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-173.nasl - Type : ACT_GATHER_INFO
2013-06-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2703.nasl - Type : ACT_GATHER_INFO
2013-06-02	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_6d0bf320ca3911e29673001e8c75030d.nasl - Type : ACT_GATHER_INFO
2013-06-02	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_787d21b9ca3811e29673001e8c75030d.nasl - Type : ACT_GATHER_INFO
2013-06-02	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ce502902ca3911e29673001e8c75030d.nasl - Type : ACT_GATHER_INFO
2013-05-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cvs2svn-8552.nasl - Type : ACT_GATHER_INFO
2013-05-16	Name : The remote host has an application that is affected by multiple denial of ser... File : subversion_1_6_21.nasl - Type : ACT_GATHER_INFO
2013-04-29	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-153.nasl - Type : ACT_GATHER_INFO
2013-04-13	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130411_subversion_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-04-12	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-095-01.nasl - Type : ACT_GATHER_INFO
2013-04-12	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0737.nasl - Type : ACT_GATHER_INFO
2013-04-12	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0737.nasl - Type : ACT_GATHER_INFO
2013-04-08	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b6beb1379dc011e2882f20cf30e32f6d.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110608_subversion_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110608_subversion_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110308_subversion_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110215_subversion_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110215_subversion_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-02-02	Name : The remote host is missing a Mac OS X update that fixes several security vuln... File : macosx_10_7_3.nasl - Type : ACT_GATHER_INFO
2012-02-02	Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO
2011-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cvs2svn-7560.nasl - Type : ACT_GATHER_INFO
2011-08-15	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0861.nasl - Type : ACT_GATHER_INFO
2011-07-05	Name : The remote Fedora host is missing a security update. File : fedora_2011-8341.nasl - Type : ACT_GATHER_INFO
2011-06-24	Name : The remote Fedora host is missing a security update. File : fedora_2011-8352.nasl - Type : ACT_GATHER_INFO
2011-06-24	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-004.nasl - Type : ACT_GATHER_INFO
2011-06-24	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_6_8.nasl - Type : ACT_GATHER_INFO
2011-06-13	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1144-1.nasl - Type : ACT_GATHER_INFO
2011-06-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2251.nasl - Type : ACT_GATHER_INFO
2011-06-09	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0862.nasl - Type : ACT_GATHER_INFO
2011-06-09	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0861.nasl - Type : ACT_GATHER_INFO
2011-06-09	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0862.nasl - Type : ACT_GATHER_INFO
2011-06-06	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-106.nasl - Type : ACT_GATHER_INFO
2011-06-03	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e27a1af38d2111e0a45d001e8c75030d.nasl - Type : ACT_GATHER_INFO
2011-05-05	Name : The remote openSUSE host is missing a security update. File : suse_11_2_libsvn_auth_gnome_keyring-1-0-110119.nasl - Type : ACT_GATHER_INFO
2011-04-15	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0327.nasl - Type : ACT_GATHER_INFO
2011-04-15	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0257.nasl - Type : ACT_GATHER_INFO
2011-04-07	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-067.nasl - Type : ACT_GATHER_INFO
2011-03-30	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1096-1.nasl - Type : ACT_GATHER_INFO
2011-03-27	Name : The remote Fedora host is missing a security update. File : fedora_2011-3775.nasl - Type : ACT_GATHER_INFO
2011-03-17	Name : The remote Fedora host is missing a security update. File : fedora_2011-2698.nasl - Type : ACT_GATHER_INFO
2011-03-17	Name : The remote Fedora host is missing a security update. File : fedora_2011-2657.nasl - Type : ACT_GATHER_INFO
2011-03-14	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-070-01.nasl - Type : ACT_GATHER_INFO
2011-03-09	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0327.nasl - Type : ACT_GATHER_INFO
2011-03-09	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0328.nasl - Type : ACT_GATHER_INFO
2011-03-07	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2181.nasl - Type : ACT_GATHER_INFO
2011-03-07	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e27ca763472111e0bdc4001e8c75030d.nasl - Type : ACT_GATHER_INFO
2011-03-01	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cvs2svn-7319.nasl - Type : ACT_GATHER_INFO
2011-02-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0257.nasl - Type : ACT_GATHER_INFO
2011-02-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0258.nasl - Type : ACT_GATHER_INFO
2011-02-02	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1053-1.nasl - Type : ACT_GATHER_INFO
2011-01-28	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-006.nasl - Type : ACT_GATHER_INFO
2011-01-19	Name : The remote Fedora host is missing a security update. File : fedora_2011-0099.nasl - Type : ACT_GATHER_INFO
2011-01-14	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_716120991e9311e0a587001b77d09812.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:37:44	Multiple Updates
2013-09-24 05:18:44	First insertion

Global Informations

Type	Count
CWE ID(s)	10
Oval ID(s)	42
CPE ID(s)	233
osvdb(s)	6
Openvas Exploit(s)	34
Nessus® Exploit(s)	92

	Related
7.8	CVE-2013-2112
7.1	CVE-2013-2088
6.8	CVE-2010-4539
5.5	CVE-2013-1968
5	CVE-2013-1884
5	CVE-2013-1847
5	CVE-2011-1752
4.3	CVE-2013-1849
4.3	CVE-2011-1921
4.3	CVE-2011-1783
4.3	CVE-2011-0715
4	CVE-2013-4131
4	CVE-2013-1846
3.5	CVE-2010-4644
3.3	CVE-2013-4277
2.1	CVE-2013-1845
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 16 more Alert(s)

7.8 - GLSA-201309-11

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU