ALAS-2013-221


Amazon Linux AMI Security Advisory: ALAS-2013-221
Advisory Release Date: 2014-09-15 23:21 Pacific
Severity: Medium
References: CVE-2013-4131 

Issue Overview:

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.


Affected Packages:

subversion


Issue Correction:
Run yum update subversion to update your system.

New Packages:
i686:
    subversion-perl-1.7.13-1.32.amzn1.i686
    subversion-javahl-1.7.13-1.32.amzn1.i686
    subversion-python-1.7.13-1.32.amzn1.i686
    subversion-ruby-1.7.13-1.32.amzn1.i686
    subversion-libs-1.7.13-1.32.amzn1.i686
    mod_dav_svn-1.7.13-1.32.amzn1.i686
    subversion-tools-1.7.13-1.32.amzn1.i686
    subversion-debuginfo-1.7.13-1.32.amzn1.i686
    subversion-devel-1.7.13-1.32.amzn1.i686
    subversion-1.7.13-1.32.amzn1.i686

src:
    subversion-1.7.13-1.32.amzn1.src

x86_64:
    subversion-debuginfo-1.7.13-1.32.amzn1.x86_64
    subversion-python-1.7.13-1.32.amzn1.x86_64
    subversion-libs-1.7.13-1.32.amzn1.x86_64
    subversion-javahl-1.7.13-1.32.amzn1.x86_64
    subversion-devel-1.7.13-1.32.amzn1.x86_64
    mod_dav_svn-1.7.13-1.32.amzn1.x86_64
    subversion-perl-1.7.13-1.32.amzn1.x86_64
    subversion-tools-1.7.13-1.32.amzn1.x86_64
    subversion-ruby-1.7.13-1.32.amzn1.x86_64
    subversion-1.7.13-1.32.amzn1.x86_64