Amazon Linux 1 Security Advisory: ALAS-2013-221
Advisory Release Date: 2013-09-04 13:32 Pacific
Advisory Updated Date: 2014-09-15 23:21 Pacific
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
Affected Packages:
subversion
Issue Correction:
Run yum update subversion to update your system.
i686:
subversion-perl-1.7.13-1.32.amzn1.i686
subversion-javahl-1.7.13-1.32.amzn1.i686
subversion-python-1.7.13-1.32.amzn1.i686
subversion-ruby-1.7.13-1.32.amzn1.i686
subversion-libs-1.7.13-1.32.amzn1.i686
mod_dav_svn-1.7.13-1.32.amzn1.i686
subversion-tools-1.7.13-1.32.amzn1.i686
subversion-debuginfo-1.7.13-1.32.amzn1.i686
subversion-devel-1.7.13-1.32.amzn1.i686
subversion-1.7.13-1.32.amzn1.i686
src:
subversion-1.7.13-1.32.amzn1.src
x86_64:
subversion-debuginfo-1.7.13-1.32.amzn1.x86_64
subversion-python-1.7.13-1.32.amzn1.x86_64
subversion-libs-1.7.13-1.32.amzn1.x86_64
subversion-javahl-1.7.13-1.32.amzn1.x86_64
subversion-devel-1.7.13-1.32.amzn1.x86_64
mod_dav_svn-1.7.13-1.32.amzn1.x86_64
subversion-perl-1.7.13-1.32.amzn1.x86_64
subversion-tools-1.7.13-1.32.amzn1.x86_64
subversion-ruby-1.7.13-1.32.amzn1.x86_64
subversion-1.7.13-1.32.amzn1.x86_64