Mailinglist Archive: opensuse-updates (200 mails)

< Previous Next >
openSUSE-SU-2013:0932-1: moderate: subversion: security and bugfix minor version update
openSUSE Security Update: subversion: security and bugfix minor version
update
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:0932-1
Rating: moderate
References: #710878 #796050 #813913
Cross-References: CVE-2013-1845 CVE-2013-1846 CVE-2013-1847
CVE-2013-1849
Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:


Subversion received a minor version update to fix remote
triggerable vulnerabilities in mod_dav_svn which may result
in denial of service.

- update to 1.6.21 [bnc#813913], addressing remotely
triggerable
+ CVE-2013-1845: mod_dav_svn excessive memory usage from
property changes
+ CVE-2013-1846: mod_dav_svn crashes on LOCK requests
against activity URLs
+ CVE-2013-1847: mod_dav_svn crashes on LOCK requests
against non-existant URLs
+ CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests
against activity URLs
- further changes:
+ mod_dav_svn will omit some property values for activity
urls
+ improve memory usage when committing properties in
mod_dav_svn
+ fix mod_dav_svn runs pre-revprop-change twice
+ fixed: post-revprop-change errors cancel commit
+ improved logic in mod_dav_svn's implementation of lock.
+ fix a compatibility issue with g++ 4.7


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch 2013-76

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (i586 x86_64):

libsvn_auth_gnome_keyring-1-0-1.6.21-47.1
libsvn_auth_gnome_keyring-1-0-debuginfo-1.6.21-47.1
libsvn_auth_kwallet-1-0-1.6.21-47.1
libsvn_auth_kwallet-1-0-debuginfo-1.6.21-47.1
subversion-1.6.21-47.1
subversion-debuginfo-1.6.21-47.1
subversion-debugsource-1.6.21-47.1
subversion-devel-1.6.21-47.1
subversion-perl-1.6.21-47.1
subversion-perl-debuginfo-1.6.21-47.1
subversion-python-1.6.21-47.1
subversion-python-debuginfo-1.6.21-47.1
subversion-ruby-1.6.21-47.1
subversion-ruby-debuginfo-1.6.21-47.1
subversion-server-1.6.21-47.1
subversion-server-debuginfo-1.6.21-47.1
subversion-tools-1.6.21-47.1
subversion-tools-debuginfo-1.6.21-47.1


References:

http://support.novell.com/security/cve/CVE-2013-1845.html
http://support.novell.com/security/cve/CVE-2013-1846.html
http://support.novell.com/security/cve/CVE-2013-1847.html
http://support.novell.com/security/cve/CVE-2013-1849.html
https://bugzilla.novell.com/710878
https://bugzilla.novell.com/796050
https://bugzilla.novell.com/813913


< Previous Next >
This Thread
  • No further messages