CVE-2010-4644

Publication date 7 January 2011

Last updated 24 July 2024

Ubuntu priority

Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
subversion	10.10 maverick	Fixed 1.6.12dfsg-1ubuntu1.1
	10.04 LTS lucid	Fixed 1.6.6dfsg-2ubuntu1.1
	9.10 karmic	Fixed 1.6.5dfsg-1ubuntu1.1
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

Notes

mdeslaur

PoC: http://svn.haxx.se/dev/archive-2010-11/0163.shtml hardy and older don't support -g, 1.5.x and higher only

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
subversion	Upstream: http://svn.apache.org/viewvc?view=revision&revision=1032808 Upstream: http://svn.apache.org/viewvc?view=revision&revision=1041438 Upstream: http://svn.apache.org/viewvc?view=revision&revision=1033227 Upstream: http://svn.apache.org/viewvc?view=revision&revision=1041504

References

Related Ubuntu Security Notices (USN)