CVE-2010-4644

Publication date 7 January 2011

Last updated 24 July 2024

Ubuntu priority

Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
subversion	10.10 maverick	Fixed 1.6.12dfsg-1ubuntu1.1
	10.04 LTS lucid	Fixed 1.6.6dfsg-2ubuntu1.1
	9.10 karmic	Fixed 1.6.5dfsg-1ubuntu1.1
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

Notes

mdeslaur

PoC: http://svn.haxx.se/dev/archive-2010-11/0163.shtml hardy and older don’t support -g, 1.5.x and higher only

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
subversion	Upstream: http://svn.apache.org/viewvc?view=revision&revision=1032808 Upstream: http://svn.apache.org/viewvc?view=revision&revision=1041438 Upstream: http://svn.apache.org/viewvc?view=revision&revision=1033227 Upstream: http://svn.apache.org/viewvc?view=revision&revision=1041504

References

Related Ubuntu Security Notices (USN)