Subject: [ASA-201901-17] subversion: denial of service

Arch Linux Security Advisory ASA-201901-17
==========================================

Severity: High
Date    : 2019-01-28
CVE-ID  : CVE-2018-11803
Package : subversion
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-858

Summary
=======

The package subversion before version 1.11.1-1 is vulnerable to denial
of service.

Resolution
==========

Upgrade to 1.11.1-1.

# pacman -Syu "subversion>=1.11.1-1"

The problem has been fixed upstream in version 1.11.1.

Workaround
==========

None.

Description
===========

A denial of service has been found in subversion versions prior to
1.11.1, allowing a malicious SVN client to crash a remote server using
mod_dav_svn by omitting the root path from a recursive directory listing
request, causing mod_dav_svn to dereference an uninitialized pointer
variable and crash the httpd worker process handling the request.

Impact
======

A remote attacker is able to crash the server by sending a specially
crafted request.

References
==========

https://subversion.apache.org/security/CVE-2018-11803-advisory.txt
https://security.archlinux.org/CVE-2018-11803