02 Jun 2011
Apache Subversion 1.x
DoS (Denial of Service)
This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
Two vulnerabilities have been reported in Apache Subversion, which can be exploited by malicious people to cause a DoS (Denial of Service).
1) A NULL pointer dereference error in the mod_dav_svn module when processing baselined resource requests can be exploited to cause a crash.
This vulnerability is reported in versions 1.6.16 and prior.
2) An error within the mod_dav_svn module when handling certain path-based access control rules can be exploited to trigger an infinite loop and exhaust memory.
This vulnerability is reported in versions 1.5.0 through 1.6.16.
NOTE: A weakness in the handling of path-based access control rules, which could result in certain unreadable files and directories becoming readable, has also been reported.
Update to version 1.6.17.
1) Reported by the vendor
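A version check against the affected ranges and fixed release listed above, as an added example that is not part of the original advisory. The function names and the sample banner line are constructed for illustration.

```python
import re

# Ranges exactly as the advisory states them; bounds are inclusive.
# None as the lower bound means "this version and everything earlier".
FIXED_IN = (1, 6, 17)
AFFECTED = {
    1: (None, (1, 6, 16)),       # NULL pointer dereference, baselined resources
    2: ((1, 5, 0), (1, 6, 16)),  # infinite loop on path-based access rules
}

# x.y.z not embedded in a longer dotted number (e.g. not part of 10.1.6.16.2).
_VERSION = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?!\.?\d)")


def parse_version(text):
    """Return (major, minor, patch) from a bare version or a banner line."""
    match = _VERSION.search(text)
    if match is None:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(part) for part in match.groups())


def affected_items(text):
    """List the advisory item numbers whose stated range covers the version."""
    version = parse_version(text)
    return [
        item
        for item, (low, high) in sorted(AFFECTED.items())
        if (low is None or version >= low) and version <= high
    ]


def needs_update(text):
    """True when the version predates the fixed release named above."""
    return parse_version(text) < FIXED_IN


if __name__ == "__main__":
    # Constructed sample inputs; the r-number is a placeholder.
    for sample in ("svn, version 1.6.16 (r0000000)", "1.4.6", "1.5.0", "1.6.17"):
        print(f"{sample!r}: items {affected_items(sample)}, "
              f"update needed: {needs_update(sample)}")
```

Distribution packages can carry backported fixes under an unchanged upstream version number, so confirm a match against the package changelog.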