Mailinglist Archive: opensuse-updates (91 mails)
openSUSE-SU-2014:0307-1: moderate: subversion: 1.8.8 security and bugfix update
- From: opensuse-security@xxxxxxxxxxxx
- Date: Fri, 28 Feb 2014 11:04:29 +0100 (CET)
- Message-id: <20140228100429.E9F4C3213E@maintenance.suse.de>
openSUSE Security Update: subversion: 1.8.8 security and bugfix update
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0307-1
Rating: moderate
References: #862459
Cross-References: CVE-2014-0032
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Apache Subversion was updated to version 1.8.8:
It fixes a remotely triggerable segfault in mod_dav_svn when
svn is handling the server root and SVNListParentPath is on
[bnc#862459] CVE-2014-0032
- Client-side bugfixes:
* fix automatic relocate for wcs not at repository root
* wc: improve performance when used with SQLite 3.8
* copy: fix some scenarios that broke the working copy
* move: fix errors when moving files between an external
and the parent working copy
* log: resolve performance regression in certain scenarios
* merge: decrease work to detect differences between 3
files
* commit: don't change file permissions inappropriately
* commit: fix assertion due to invalid pool lifetime
* version: don't cut off the distribution version on Linux
* flush stdout before exiting to avoid information being
lost
* status: fix missing sentinel value on warning codes
* update/switch: improve some WC db queries that may
return incorrect results depending on how SQLite is
built
- Server-side bugfixes:
* reduce memory usage during checkout and export
* fsfs: create rep-cache.db with proper permissions
* mod_dav_svn: prevent crashes with SVNListParentPath on
[bnc#862459] CVE-2014-0032
* mod_dav_svn: fix SVNAllowBulkUpdates directive merging
* mod_dav_svn: include requested property changes in
reports
* svnserve: correct default cache size in help text
* svnadmin dump: reduce size of dump files with '--deltas'
* resolve integer underflow that resulted in infinite
loops
- developer visible changes:
* fix occasional failure of check_tests.py 12
* fix failure with SQLite 3.8.1-3.8.3 when built with
SQLITE_ENABLE_STAT3/4 due to bug in SQLite
* specify SQLite defaults that can be changed when SQLite
is built to avoid unexpected behavior with Subversion
* numerous documentation fixes
* svn_client_commit_item3_dup() fix pool lifetime issues
* ra_serf: properly ask multiple certificate validation
providers for acceptance of certificate failures
* release internal fs objects when closing commit editor
* svn_client_proplist4() don't call the callback multiple
times for the same path in order to deliver inherited
properties
- Bindings:
* swig-pl: fix with --enable-sqlite-compatibility-version
* swig: fix building from tarball with an out-of-tree
build
- removed patches:
* subversion-1.8.x-fix-ppc-tests.patch, committed upstream
- packaging changes:
* only require and build with junit when building with
java and running regression tests
- 1.8.6 and 1.8.7 were not released
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-173
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
libsvn_auth_gnome_keyring-1-0-1.8.8-2.21.1
libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.8-2.21.1
libsvn_auth_kwallet-1-0-1.8.8-2.21.1
libsvn_auth_kwallet-1-0-debuginfo-1.8.8-2.21.1
subversion-1.8.8-2.21.1
subversion-debuginfo-1.8.8-2.21.1
subversion-debugsource-1.8.8-2.21.1
subversion-devel-1.8.8-2.21.1
subversion-perl-1.8.8-2.21.1
subversion-perl-debuginfo-1.8.8-2.21.1
subversion-python-1.8.8-2.21.1
subversion-python-debuginfo-1.8.8-2.21.1
subversion-ruby-1.8.8-2.21.1
subversion-ruby-debuginfo-1.8.8-2.21.1
subversion-server-1.8.8-2.21.1
subversion-server-debuginfo-1.8.8-2.21.1
subversion-tools-1.8.8-2.21.1
subversion-tools-debuginfo-1.8.8-2.21.1
- openSUSE 13.1 (noarch):
subversion-bash-completion-1.8.8-2.21.1
References:
http://support.novell.com/security/cve/CVE-2014-0032.html
https://bugzilla.novell.com/862459
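Added example, not part of the advisory or of Subversion: a Python check for the condition the description names (mod_dav_svn handling the server root with SVNListParentPath on), plus a test of whether a package version predates 1.8.8. It assumes the server root is configured as a `<Location />` block within one file (no Include resolution); the sample configuration and version strings are constructed.

```python
import re

# Constructed sample Apache configuration (not taken from the advisory).
SAMPLE_CONF = """\
<Location />
    DAV svn
    SVNParentPath /srv/svn/repos
    SVNListParentPath On
</Location>
<Location /svn>
    DAV svn
    SVNListParentPath on
</Location>
<Location "/">
    # SVNListParentPath on
    DAV svn
    SVNListParentPath off
</Location>
"""

FIXED = (1, 8, 8)  # upstream release named in the advisory

def root_listing_blocks(conf_text):
    """Return start line numbers of <Location /> blocks that are served
    by mod_dav_svn and have SVNListParentPath switched on."""
    hits, start, dav, listing = [], None, False, False
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no directives
        m = re.match(r'<Location\s+"?([^">\s]+)"?\s*>', line, re.I)
        if m:
            start = no if m.group(1) == "/" else None  # only the server root
            dav = listing = False
        elif start and re.match(r"</Location\s*>", line, re.I):
            if dav and listing:
                hits.append(start)
            start = None
        elif start:
            words = line.lower().split()  # directive names are case-insensitive
            dav |= words[:2] == ["dav", "svn"]
            if words[0] == "svnlistparentpath" and len(words) > 1:
                listing = words[1] == "on"  # last setting in the block wins
    return hits

def lacks_fix(pkg_version):
    """True if an rpm version (e.g. constructed '1.8.5-2.17.1') predates 1.8.8."""
    upstream = pkg_version.split("-")[0]
    return tuple(int(p) for p in upstream.split(".")) < FIXED
```

A host that reports both a hit from `root_listing_blocks` and `lacks_fix(...)` true for its subversion-server package is the case to patch first with the command above.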