Mailinglist Archive: opensuse-updates (130 mails)

< Previous Next >
openSUSE-SU-2013:1860-1: moderate: subversion: update to 1.7.14
openSUSE Security Update: subversion: update to 1.7.14
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1860-1
Rating: moderate
References: #850667 #850747
Cross-References: CVE-2013-4505 CVE-2013-4558
Affected Products:
openSUSE 12.3
openSUSE 12.2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update fixes the following issues with subversion:
- bnc#850747: update to 1.7.14
* CVE-2013-4505: mod_dontdothat does not restrict
requests from serf clients.
* CVE-2013-4558: mod_dav_svn assertion triggered by
autoversioning commits.

+ Client- and server-side bugfixes:
* fix assertion on urls of the form 'file://./'
+ Client-side bugfixes:
* upgrade: fix an assertion when used with pre-1.3 wcs
* fix externals that point at redirected locations
* diff: fix incorrect calculation of changes in some
cases
* diff: fix errors with added/deleted targets
+ Server-side bugfixes:
* mod_dav_svn: Prevent crashes with some 3rd party
modules
* fix OOM on concurrent requests at threaded server
start
* fsfs: limit commit time of files with deep change
histories
* mod_dav_svn: canonicalize paths properly
+ Other tool improvements and bugfixes:
* mod_dontdothat: Fix the uri parser
+ Developer-visible changes:
* javahl: canonicalize path for streamFileContent method
+ require python-sqlite when running regression tests


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-962

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-962

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.3 (i586 x86_64):

libsvn_auth_gnome_keyring-1-0-1.7.14-2.22.1
libsvn_auth_gnome_keyring-1-0-debuginfo-1.7.14-2.22.1
libsvn_auth_kwallet-1-0-1.7.14-2.22.1
libsvn_auth_kwallet-1-0-debuginfo-1.7.14-2.22.1
subversion-1.7.14-2.22.1
subversion-debuginfo-1.7.14-2.22.1
subversion-debugsource-1.7.14-2.22.1
subversion-devel-1.7.14-2.22.1
subversion-perl-1.7.14-2.22.1
subversion-perl-debuginfo-1.7.14-2.22.1
subversion-python-1.7.14-2.22.1
subversion-python-debuginfo-1.7.14-2.22.1
subversion-server-1.7.14-2.22.1
subversion-server-debuginfo-1.7.14-2.22.1
subversion-tools-1.7.14-2.22.1
subversion-tools-debuginfo-1.7.14-2.22.1

- openSUSE 12.3 (noarch):

subversion-bash-completion-1.7.14-2.22.1

- openSUSE 12.2 (i586 x86_64):

libsvn_auth_gnome_keyring-1-0-1.7.14-4.30.1
libsvn_auth_gnome_keyring-1-0-debuginfo-1.7.14-4.30.1
libsvn_auth_kwallet-1-0-1.7.14-4.30.1
libsvn_auth_kwallet-1-0-debuginfo-1.7.14-4.30.1
subversion-1.7.14-4.30.1
subversion-debuginfo-1.7.14-4.30.1
subversion-debugsource-1.7.14-4.30.1
subversion-devel-1.7.14-4.30.1
subversion-perl-1.7.14-4.30.1
subversion-perl-debuginfo-1.7.14-4.30.1
subversion-python-1.7.14-4.30.1
subversion-python-debuginfo-1.7.14-4.30.1
subversion-server-1.7.14-4.30.1
subversion-server-debuginfo-1.7.14-4.30.1
subversion-tools-1.7.14-4.30.1
subversion-tools-debuginfo-1.7.14-4.30.1

- openSUSE 12.2 (noarch):

subversion-bash-completion-1.7.14-4.30.1


References:

http://support.novell.com/security/cve/CVE-2013-4505.html
http://support.novell.com/security/cve/CVE-2013-4558.html
https://bugzilla.novell.com/850667
https://bugzilla.novell.com/850747


< Previous Next >
This Thread
  • No further messages