The --pid-file option of svnserve does not validate whether the PID file is a symlink, allowing denial of service (CVE-2013-4277) Denial of service in mod_dav_svn (CVE-2014-0032)
Denial of service in mod_dav_svn (CVE-2014-3580)
> Denial of service in mod_dav_svn (CVE-2014-0032) > Denial of service in mod_dav_svn (CVE-2014-3580) This was fixed during the import of the Wheezy 7.8 point update in Bug 37511 CVE-2013-4277 is a non-standard option and even if it were configured to /tmp, the kernel-level mitigations present in all supported UCS kernels render this non-exploitable, so we won't address this with a code change.
UCS 4.0-1 has been released: http://docs.univention.de/release-notes-4.0-1-en.html http://docs.univention.de/release-notes-4.0-1-de.html If this error occurs again, please use "Clone This Bug".