Subversion: Denial of service — GLSA 201904-08

A vulnerability in Subversion could lead to a Denial of Service condition.

Affected packages

dev-vcs/subversion on all architectures
Affected versions < 1.10.4
Unaffected versions >= 1.10.4

Background

Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture (where the server can be an Apache server running mod_svn, or an ssh program as in CVS’s :ext: method). In addition to supporting the features found in CVS, Subversion also provides support for moving and copying files and directories.

Description

A vulnerability was discovered in Subversion’s mod_dav_svn, that could lead to a Denial of Service Condition.

Impact

An attacker could cause a possible enial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Subversion users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.10.4"
 

References

Release date
April 02, 2019

Latest revision
April 02, 2019: 1

Severity
normal

Exploitable
remote

Bugzilla entries