The Apache Haus Forum

Advanced search  

News:

Welcome to Apache Haus Distribution Forum

Pages: [1]   Go Down

Author Topic: Looking for mod Subversion (mod_svn) 1.8.11 VC11, X64  (Read 3630 times)

pgd

  • Newbie
  • *
  • Offline Offline
  • Posts: 9
Looking for mod Subversion (mod_svn) 1.8.11 VC11, X64
« on: January 06, 2015, 11:36:37 AM »

Hello,

Do you plan to release mod Subversion (mod_svn) 1.8.11 VC11, X64 in the near future?
Looking for it following a security advisory from Secunia: http://secunia.com/advisories/61131/
Source changes: http://svn.apache.org/repos/asf/subversion/branches/1.8.x/CHANGES

Thank you in advance
  Daniel
Logged

mario

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 578
Re: Looking for mod Subversion (mod_svn) 1.8.11 VC11, X64
« Reply #1 on: January 06, 2015, 11:52:54 AM »

Hi Daniel,

I can't view the secunia stuff, cause I have no login. What is important to build that new version?

Cheers
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 837
Re: Looking for mod Subversion (mod_svn) 1.8.11 VC11, X64
« Reply #2 on: January 06, 2015, 05:54:36 PM »

http://subversion.apache.org/security/CVE-2014-3580-advisory.txt

Summary:
========

  Subversion's mod_dav_svn Apache HTTPD server module will crash when it
  receives a REPORT request for some invalid formatted special URIs.

  This can lead to a DoS.  There are no known instances of this problem
  being exploited in the wild.

Severity:
=========

  CVSSv2 Base Score: 5.0
  CVSSv2 Base Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

  We consider this to be a medium risk vulnerability.  Repositories which
  allow for anonymous reads will be vulnerable without authentication.

  Unfortunately, no special configuration is required and all mod_dav_svn
  servers are vulnerable.

  A remote attacker may be able to crash a Subversion server.  Many Apache
  servers will respawn the listener processes, but a determined attacker
  will be able to crash these processes as they appear, denying service to
  legitimate users.  Servers using threaded MPMs will close the connection
  on other clients being served by the same process that services the
  request from the attacker
. :P In either case there is an increased
  processing impact of restarting a process and the cost of per process
  caches being lost.

Recommendations:
================

  We recommend all users to upgrade to Subversion 1.8.11.  Users of
  Subversion 1.7.x or 1.8.x who are unable to upgrade may apply the
  included patch.

  New Subversion packages can be found at:
  http://subversion.apache.org/packages.html

  No known workarounds are available.

References:
===========

  CVE-2014-3580  (Subversion)
Logged

mario

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 578
Re: Looking for mod Subversion (mod_svn) 1.8.11 VC11, X64
« Reply #3 on: January 06, 2015, 06:21:20 PM »

I see! Will build that this week. Sorry for the delay, but holidays are for family.
Logged

mario

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 578
Re: Looking for mod Subversion (mod_svn) 1.8.11 VC11, X64
« Reply #4 on: January 11, 2015, 06:40:39 PM »

The binaries are now on the download page
Logged

pgd

  • Newbie
  • *
  • Offline Offline
  • Posts: 9
Re: Looking for mod Subversion (mod_svn) 1.8.11 VC11, X64
« Reply #5 on: January 12, 2015, 10:38:23 AM »

The binaries are now on the download page

Thank you very much!
I will install them later today.
Logged
Pages: [1]   Go Up
 

Sitemap 1 2 3 4 5 6 7 8 9 10 11 12 13