CVE-2011-1921

Publication date 2 June 2011

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.

Status

Package Ubuntu Release Status
subversion 11.04 natty
Fixed 1.6.12dfsg-4ubuntu2.1
10.10 maverick
Fixed 1.6.12dfsg-1ubuntu1.3
10.04 LTS lucid
Fixed 1.6.6dfsg-2ubuntu1.3
8.04 LTS hardy Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
subversion

References

Related Ubuntu Security Notices (USN)

    • USN-1144-1
    • Subversion vulnerabilities
    • 6 June 2011

Other references