openSUSE Security Update: subversion: security and bugfix minor version update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0932-1 Rating: moderate References: #710878 #796050 #813913 Cross-References: CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: Subversion received a minor version update to fix remote triggerable vulnerabilities in mod_dav_svn which may result in denial of service. - update to 1.6.21 [bnc#813913], addressing remotely triggerable + CVE-2013-1845: mod_dav_svn excessive memory usage from property changes + CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs + CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs + CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs - further changes: + mod_dav_svn will omit some property values for activity urls + improve memory usage when committing properties in mod_dav_svn + fix mod_dav_svn runs pre-revprop-change twice + fixed: post-revprop-change errors cancel commit + improved logic in mod_dav_svn's implementation of lock. + fix a compatibility issue with g++ 4.7 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2013-76 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): libsvn_auth_gnome_keyring-1-0-1.6.21-47.1 libsvn_auth_gnome_keyring-1-0-debuginfo-1.6.21-47.1 libsvn_auth_kwallet-1-0-1.6.21-47.1 libsvn_auth_kwallet-1-0-debuginfo-1.6.21-47.1 subversion-1.6.21-47.1 subversion-debuginfo-1.6.21-47.1 subversion-debugsource-1.6.21-47.1 subversion-devel-1.6.21-47.1 subversion-perl-1.6.21-47.1 subversion-perl-debuginfo-1.6.21-47.1 subversion-python-1.6.21-47.1 subversion-python-debuginfo-1.6.21-47.1 subversion-ruby-1.6.21-47.1 subversion-ruby-debuginfo-1.6.21-47.1 subversion-server-1.6.21-47.1 subversion-server-debuginfo-1.6.21-47.1 subversion-tools-1.6.21-47.1 subversion-tools-debuginfo-1.6.21-47.1 References: http://support.novell.com/security/cve/CVE-2013-1845.html http://support.novell.com/security/cve/CVE-2013-1846.html http://support.novell.com/security/cve/CVE-2013-1847.html http://support.novell.com/security/cve/CVE-2013-1849.html https://bugzilla.novell.com/710878 https://bugzilla.novell.com/796050 https://bugzilla.novell.com/813913