发布日期:2013-11-27
更新日期:2013-11-29
受影响系统:
Apache Group Subversion < 1.8.5
Apache Group Subversion < 1.7.14
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 63981
CVE(CAN) ID: CVE-2013-4558
Subversion是一款开源多用户版本控制系统,支持非ASCII文本和二进制数据。
Subversion mod_dav_svn 1.7.11-1.7.13、mod_dav_svn 1.8.1-1.8.4启用了断言后,不规范的URL请求会触发断言,造成Apache进程中断。
建议:
--------------------------------------------------------------------------------
厂商补丁:
Apache Group
------------
Apache Group已经为此发布了一个安全公告(CVE-2013-4558-advisory)以及相应补丁:
CVE-2013-4558-advisory:mod_dav_svn assertion triggered by non-canonical URLs in autoversioning commits.
链接:
补丁下载:
Patch for Subversion 1.7.x and 1.8.x:
[[[
Index: subversion/mod_dav_svn/repos.c
===================================================================
--- subversion/mod_dav_svn/repos.c (revision 1539596)
+++ subversion/mod_dav_svn/repos.c (working copy)
@@ -2456,9 +2456,12 @@ get_parent_resource(const dav_resource *resource,
parent->info = parentinfo;
parentinfo->uri_path =
- svn_stringbuf_create(get_parent_path(resource->info->uri_path->data,
- TRUE, resource->pool),
- resource->pool);
+ svn_stringbuf_create(
+ get_parent_path(
+ svn_urlpath__canonicalize(resource->info->uri_path->data,
+ resource->pool),
+ TRUE, resource->pool),
+ resource->pool);
parentinfo->repos = resource->info->repos;
parentinfo->root = resource->info->root;
parentinfo->r = resource->info->r;
]]]