search.internet.com

Become a Marketplace Partner internet.commerce Be a Commerce Partner Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Technology Jobs LinuxToday Newsletters Subscribe News Subscribe PR Subscribe Security internet.com IT Developer Internet News Small Business Personal Technology Search internet.com Advertise Corporate Info Newsletters Tech Jobs E-mail Offers

Current Newswire: Intel Linux Graphics Shine With Fedora 12 Editor's Note: Do It Yourself "Cloud" Google Chrome OS: First looks, first impressions Kernel Log: Coming in 2.6.32 (Part 3) - Storage TV Mythos Renewed: MythTV 0.22 with Many Improvements Enhancing openSUSE 11.2: Adding Repositories and Packages A Northwest Nobel option? (Linus for the Nobel Peace prize) SECURITY: Cloud Computing Security Benefits, Risks and Recommendations Keeping score in test-driven development with Python, PyLint, unittest, doctest, Win a CodeWeavers Linux Gaming Rig Sr Systems Engineer - Solaris - AIX (TX) Next Step Systems US-TX-Houston Post A Job | Post A Resume Gentoo Linux Advisory: Subversion Sep 30, 2004, 20 :29 UTC (0 Talkback[s]) (2388 reads) Gentoo Linux Security Advisory GLSA 200409-35 http://security.gentoo.org/ Severity: Low Title: Subversion: Metadata information leak Date: September 29, 2004 Bugs: #65085 ID: 200409-35 Synopsis An information leak in mod_authz_svn could allow sensitive metadata of protected areas to be leaked to unauthorized users. Background Subversion is a versioning system designed to be a replacement for CVS. mod_authz_svn is an Apache module to do path-based authentication for Subversion repositories. Affected packages Package Vulnerable Unaffected 1 dev-util/subversion < 1.0.8 >= 1.0.8 Description There is a bug in mod_authz_svn that causes it to reveal logged metadata regarding commits to protected areas. Impact Protected files themselves will not be revealed, but an attacker could use the metadata to reveal the existence of protected areas, such as paths, file versions, and the commit logs from those areas. Workaround Rather than using mod_authz_svn, move protected areas into seperate repositories and use native Apache authentication to make these repositories unreadable. Resolution All Subversion users should upgrade to the latest version: # emerge sync # emerge -pv ">=dev-util/subversion-1.0.8" # emerge ">=dev-util/subversion-1.0.8" References [ 1 ] CAN-2004-0749 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0749 [ 2 ] Subversion Advisory http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200409-35.xml Concerns? Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/1.0 No talkbacks posted.   Home | Search Talkbacks | Customize View    Top of Page   Enter your comments below: * Your Name: * Your Email Address: * Subject: CC: [will also send this talkback to an E-Mail address] * Comments: Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content. Fields marked with * are required!

All times are recorded in UTC. Linux is a trademark of Linus Torvalds. Powered by Linux, Apache and PHP Search: WebMediaBrands Corporate Info Legal Notices, Licensing, Permissions, Privacy Policy. Advertise | Newsletters | Shopping | E-mail Offers | Freelance Jobs Solutions Whitepapers and eBooks Microsoft Articles: Visual Studio 2010 Adobe Article: Adobe Helps PHP Developers Create Rich Internet Applications Microsoft Whitepaper: How Windows Server 2008 R2 Helps Optimize IT and Save You Money Adobe Article: Java Developers Finding a Home at Adobe Flex IBM Articles: A Smarter Business Needs Smarter Technology Intel Xeon Processor Increases Server Efficiency and Capabilities Intel Tech Brief: Automated Energy Efficiency for the Intelligent Enterprise Oracle Whitepapers - Innovation for IT Leaders Avaya Article: Communication-Enabled Mashups--Empowering Both Business Owners and IT Internet.com eBook: IT Manager's Guide to Social Networking Internet.com eBook: Get Ready for Windows 7 Microsoft Article: Expression Web 3--New Features for PHP Developers Whitepapers: Manage Your Business Infrastracture with IBM Whitepaper: Maximize Your Storage Investment with HP Internet.com eBook: Becoming a Better Project Manager Microsoft Article: Stress Free and Efficient Designer/Developer Collaboration MORE WHITEPAPERS, EBOOKS, AND ARTICLES Webcasts Webcast: Connecting PHP to Microsoft Technologies Video: Microsoft Partner Program Benefits Video: Windows Azure Debugging Tips SAP BusinessObjects Webcast: Unlock the Power of Reporting with Crystal Reports IBM Webcast: Speed Business Innovation with Reduced Cost and Risk Video: Deploy Applications on Windows Azure MORE WEBCASTS, PODCASTS, AND VIDEOS Downloads and eKits Download: Microsoft Visual Studio 2010 Beta 2 Downloads & Free Trials: Microsoft's New Efficiency Resource Center Get the Windows 7 SDK Free Trial: Red Gate SQL Backup Pro 6 Iron Speed Designer Application Generator MORE DOWNLOADS, EKITS, AND FREE TRIALS Tutorials and Demos Internet.com Hot List: Get the Inside Scoop on the Hottest IT and Developer Products All About Botnets MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES