   openSUSE Security Update: subversion: update to 1.7.14
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:1860-1
Rating:             moderate
References:         #850667 #850747
Cross-References:   CVE-2013-4505 CVE-2013-4558
Affected Products:
                    openSUSE 12.3
                    openSUSE 12.2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update fixes the following issues with subversion:

   - bnc#850747: update to 1.7.14
     * CVE-2013-4505: mod_dontdothat does not restrict requests from serf
       clients.
     * CVE-2013-4558: mod_dav_svn assertion triggered by autoversioning
       commits.
     + Client- and server-side bugfixes:
       * fix assertion on urls of the form 'file://./'
     + Client-side bugfixes:
       * upgrade: fix an assertion when used with pre-1.3 wcs
       * fix externals that point at redirected locations
       * diff: fix incorrect calculation of changes in some cases
       * diff: fix errors with added/deleted targets
     + Server-side bugfixes:
       * mod_dav_svn: Prevent crashes with some 3rd party modules
       * fix OOM on concurrent requests at threaded server start
       * fsfs: limit commit time of files with deep change histories
       * mod_dav_svn: canonicalize paths properly
     + Other tool improvements and bugfixes:
       * mod_dontdothat: Fix the uri parser
     + Developer-visible changes:
       * javahl: canonicalize path for streamFileContent method
     + require python-sqlite when running regression tests

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.3:

      zypper in -t patch openSUSE-2013-962

   - openSUSE 12.2:

      zypper in -t patch openSUSE-2013-962

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 12.3 (i586 x86_64):

      libsvn_auth_gnome_keyring-1-0-1.7.14-2.22.1
      libsvn_auth_gnome_keyring-1-0-debuginfo-1.7.14-2.22.1
      libsvn_auth_kwallet-1-0-1.7.14-2.22.1
      libsvn_auth_kwallet-1-0-debuginfo-1.7.14-2.22.1
      subversion-1.7.14-2.22.1
      subversion-debuginfo-1.7.14-2.22.1
      subversion-debugsource-1.7.14-2.22.1
      subversion-devel-1.7.14-2.22.1
      subversion-perl-1.7.14-2.22.1
      subversion-perl-debuginfo-1.7.14-2.22.1
      subversion-python-1.7.14-2.22.1
      subversion-python-debuginfo-1.7.14-2.22.1
      subversion-server-1.7.14-2.22.1
      subversion-server-debuginfo-1.7.14-2.22.1
      subversion-tools-1.7.14-2.22.1
      subversion-tools-debuginfo-1.7.14-2.22.1

   - openSUSE 12.3 (noarch):

      subversion-bash-completion-1.7.14-2.22.1

   - openSUSE 12.2 (i586 x86_64):

      libsvn_auth_gnome_keyring-1-0-1.7.14-4.30.1
      libsvn_auth_gnome_keyring-1-0-debuginfo-1.7.14-4.30.1
      libsvn_auth_kwallet-1-0-1.7.14-4.30.1
      libsvn_auth_kwallet-1-0-debuginfo-1.7.14-4.30.1
      subversion-1.7.14-4.30.1
      subversion-debuginfo-1.7.14-4.30.1
      subversion-debugsource-1.7.14-4.30.1
      subversion-devel-1.7.14-4.30.1
      subversion-perl-1.7.14-4.30.1
      subversion-perl-debuginfo-1.7.14-4.30.1
      subversion-python-1.7.14-4.30.1
      subversion-python-debuginfo-1.7.14-4.30.1
      subversion-server-1.7.14-4.30.1
      subversion-server-debuginfo-1.7.14-4.30.1
      subversion-tools-1.7.14-4.30.1
      subversion-tools-debuginfo-1.7.14-4.30.1

   - openSUSE 12.2 (noarch):

      subversion-bash-completion-1.7.14-4.30.1

References:

   http://support.novell.com/security/cve/CVE-2013-4505.html
   http://support.novell.com/security/cve/CVE-2013-4558.html
   https://bugzilla.novell.com/850667
   https://bugzilla.novell.com/850747