Gentoo Linux Security Advisory 201610-5 - Multiple vulnerabilities have been found in Subversion and Serf, the worst of which could lead to execution of arbitrary code. Versions less than 1.9.4 are affected.
6fc3d8b062f4dd9dd7a5b8d8121065ad62aa138fd8e27bec35dc5e71fb9cd7e8
Mandriva Linux Security Advisory 2015-085 - The mod_dav_svn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service via an OPTIONS request. Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications. Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server. A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn. A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash.
01aff36f339d42406e0aae560444ac58ac7a1af4b623272cb7f496e90441e981
Apple Security Advisory 2014-09-17-7 - Xcode 6.0.1 is now available and addresses a denial of service vulnerability.
8e1f1756e81af7fac9dd82869a3eaffd631cf609ecd86c1fa4f32b476b409e2a
Ubuntu Security Notice 2316-1 - Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.
34a878b1d3886abcc6a12d4b5804a8f3bed05cb128b024c7a2c181220ad326ca
Mandriva Linux Security Advisory 2014-049 - The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service via vectors related to the server root and request methods other than GET, as demonstrated by the svn ls https://svn.example.com command. This advisory provides the latest version of subversion which is not vulnerable to this issue.
6dc36b60facb0c513dec64a3947fa32a7e8f3f108314026f3f279dac8b4fef82
Red Hat Security Advisory 2014-0255-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A flaw was found in the way the mod_dav_svn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a request to crash.
4212abf321cad59ccc1e824d2b137d7cad58e57f5311fe0731b4c04edf68e288
Slackware Security Advisory - New subversion packages are available for Slackware 14.0, 14.1, and -current to fix denial-of-service issues.
76da3c1a614f58e823da66af1606ec1b461fc3a9dc9f72254429e3ca36b1946c