Subversion: Multiple vulnerabilities — GLSA 201309-11

Multiple vulnerabilities have been found in Subversion, allowing attackers to cause a Denial of Service, escalate privileges, or obtain sensitive information.

Affected Packages

dev-vcs/subversion on all architectures
Affected versions < 1.7.13
Unaffected versions >= 1.7.13

Background

Subversion is a versioning system designed to be a replacement for CVS.

Description

Multiple vulnerabilities have been discovered in Subversion. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could cause a Denial of Service condition or obtain sensitive information. A local attacker could escalate his privileges to the user running svnserve.

Workaround

There is no known workaround at this time.

Resolution

All Subversion users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.7.13"
 

References

Release Date
September 23, 2013

Latest Revision
September 23, 2013: 1

Severity
low

Exploitable
local, remote

Bugzilla entries