Mailinglist Archive: opensuse-updates (91 mails)

openSUSE-SU-2014:0307-1: moderate: subversion: 1.8.8 security and bugfix update
openSUSE Security Update: subversion: 1.8.8 security and bugfix update
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0307-1
Rating: moderate
References: #862459
Cross-References: CVE-2014-0032
Affected Products:
openSUSE 13.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:


Apache Subversion was updated to version 1.8.8:

It fixes a remotely triggerable segfault in mod_dav_svn when
svn is handling the server root and SVNListParentPath is on
[bnc#862459] CVE-2014-0032
- Client-side bugfixes:
* fix automatic relocate for wcs not at repository root
* wc: improve performance when used with SQLite 3.8
* copy: fix some scenarios that broke the working copy
* move: fix errors when moving files between an external
and the parent working copy
* log: resolve performance regression in certain scenarios
* merge: decrease work to detect differences between 3
files
* commit: don't change file permissions inappropriately
* commit: fix assertion due to invalid pool lifetime
* version: don't cut off the distribution version on Linux
* flush stdout before exiting to avoid information being
lost
* status: fix missing sentinel value on warning codes
* update/switch: improve some WC db queries that may
return incorrect results depending on how SQLite is
built
- Server-side bugfixes:
* reduce memory usage during checkout and export
* fsfs: create rep-cache.db with proper permissions
* mod_dav_svn: prevent crashes with SVNListParentPath on
[bnc#862459] CVE-2014-0032
* mod_dav_svn: fix SVNAllowBulkUpdates directive merging
* mod_dav_svn: include requested property changes in
reports
* svnserve: correct default cache size in help text
* svnadmin dump: reduce size of dump files with '--deltas'
* resolve integer underflow that resulted in infinite
loops
- developer visible changes:
* fix occasional failure of check_tests.py 12
* fix failure with SQLite 3.8.1-3.8.3 when built with
SQLITE_ENABLE_STAT3/4 due to bug in SQLite
* specify SQLite defaults that can be changed when SQLite
is built to avoid unexpected behavior with Subversion
* numerous documentation fixes
* svn_client_commit_item3_dup() fix pool lifetime issues
* ra_serf: properly ask multiple certificate validation
providers for acceptance of certificate failures
* release internal fs objects when closing commit editor
* svn_client_proplist4() don't call the callback multiple
times for the same path in order to deliver inherited
properties
- Bindings:
* swig-pl: fix with --enable-sqlite-compatibility-version
* swig: fix building from tarball with an out-of-tree
build
- removed patches:
* subversion-1.8.x-fix-ppc-tests.patch, committed upstream
- packaging changes:
* only require and build with junit when building with
java and running regression tests
- 1.8.6 and 1.8.7 were not released


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-173

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i586 x86_64):

libsvn_auth_gnome_keyring-1-0-1.8.8-2.21.1
libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.8-2.21.1
libsvn_auth_kwallet-1-0-1.8.8-2.21.1
libsvn_auth_kwallet-1-0-debuginfo-1.8.8-2.21.1
subversion-1.8.8-2.21.1
subversion-debuginfo-1.8.8-2.21.1
subversion-debugsource-1.8.8-2.21.1
subversion-devel-1.8.8-2.21.1
subversion-perl-1.8.8-2.21.1
subversion-perl-debuginfo-1.8.8-2.21.1
subversion-python-1.8.8-2.21.1
subversion-python-debuginfo-1.8.8-2.21.1
subversion-ruby-1.8.8-2.21.1
subversion-ruby-debuginfo-1.8.8-2.21.1
subversion-server-1.8.8-2.21.1
subversion-server-debuginfo-1.8.8-2.21.1
subversion-tools-1.8.8-2.21.1
subversion-tools-debuginfo-1.8.8-2.21.1

- openSUSE 13.1 (noarch):

subversion-bash-completion-1.8.8-2.21.1


References:

http://support.novell.com/security/cve/CVE-2014-0032.html
https://bugzilla.novell.com/862459
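
As an added example (not part of the openSUSE announcement or of the Subversion project), the shell functions below check a host for the condition this update addresses: a Subversion version older than 1.8.8 together with an Apache `<Location />` block that has `DAV svn` and `SVNListParentPath on`. The function names and the configuration path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit for the configuration named in this advisory
# (mod_dav_svn handling the server root with SVNListParentPath on).

# version_ge A B: succeed when dotted numeric version A >= B.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# find_root_listparent FILE...
# Prints "file:line: <Location />" for each root Location block that enables
# both "DAV svn" and "SVNListParentPath on". Exit status 0 if any was found.
# Commented-out directives are ignored because their first field starts with "#".
find_root_listparent() {
    awk '
        tolower($1) == "<location" {
            # Normalise <Location />, <Location "/"> to the bare path.
            path = $2; sub(/>$/, "", path); gsub(/"/, "", path)
            start = FNR; dav = 0; lpp = 0; inblock = 1; next
        }
        inblock && tolower($1) == "dav" && tolower($2) == "svn" { dav = 1 }
        inblock && tolower($1) == "svnlistparentpath" && tolower($2) == "on" { lpp = 1 }
        tolower($1) ~ /^<\/location>/ {
            if (inblock && dav && lpp && path == "/") {
                printf "%s:%d: <Location %s>\n", FILENAME, start, path
                found = 1
            }
            inblock = 0
        }
        END { exit(found ? 0 : 1) }
    ' "$@"
}

# Usage on a host (the configuration path is an assumption, adjust locally):
#   v=$(rpm -q --qf '%{VERSION}' subversion-server)
#   version_ge "$v" 1.8.8 || find_root_listparent /etc/apache2/conf.d/*.conf
```

A match on an unpatched host is a reason to prioritise `zypper in -t patch openSUSE-2014-173`.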

