Univention Bugzilla – Bug 31222
subversion: Multiple DoS issues (3.1)
Last modified: 2019-04-11 19:24:17 CEST
CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 CVE-2013-1884 only affects later (>= 1.7) versions
Repositories in FSFS format can be corrupted by authenticated users though newline injection (CVE-2013-1968) Denial of service in svnserve through incorrect TCP connection management (CVE-2013-2112)
(In reply to Moritz Muehlenhoff from comment #1) > Repositories in FSFS format can be corrupted by authenticated users though > newline injection (CVE-2013-1968) > > Denial of service in svnserve through incorrect TCP connection management > (CVE-2013-2112) These two issues have been fixed in 3.2 with the import of Debian 6.0.8.
The --pid-file option of svnserve does not validate whether the PID file is a symlink, allowing denial of service (CVE-2013-4277)
Denial of service in mod_dav_svn (CVE-2014-0032)
The maintenance with bug and security fixes for UCS 3.1-x has ended on 31st of May 2014. The maintenance of the UCS 3.x major series is continued by UCS 3.2-x that is supplied with bug and security fixes. Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please contact your partner or Univention for any questions.