MGASA-2013-0275
type: security
subject: Updated subversion package fixes security vulnerability.
CVE:
  - CVE-2013-4277
src:
  2:
    core:
      - subversion-1.7.13-1.mga2
  3:
    core:
      - subversion-1.7.13-1.mga3
description: |
  svnserve takes a --pid-file option which creates a file containing the
  process id it is running as. It does not take steps to ensure that the
  file it has been directed at is not a symlink. If the pid file is in a
  directory writeable by unprivileged users, the destination could be
  replaced by a symlink allowing for privilege escalation. svnserve
  does not create a pid file by default (CVE-2013-4277).
references:
  - https://bugs.mageia.org/show_bug.cgi?id=11207
  - http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
  - https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115318.html
ID: MGASA-2013-0275