Fedora 14 : subversion-1.6.15-1.fc14 (2011-0099)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

This release includes the latest Subversion release, fixing several
bugs :

- improve svnsync handling of dir copies

- hide unreadable dirs in mod_dav_svn's GET response

- make 'svnmucc propsetf' actually work

- limit memory fragmentation in svnserve

- fix 'svn export' regression from 1.6.13

- fix 'svn export' mistakenly uri-encodes paths

- fix server-side memory leaks triggered by 'blame -g'

- prevent crash in mod_dav_svn when using SVNParentPath

- allow 'log -g' to continue in the face of invalid
mergeinfo

- filter unreadable paths for 'svn ls' and 'svn co'

- fix abort in 'svn blame -g'

- fix file handle leak in ruby bindings

- remove check for 1.7-style working copies

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=667407
https://bugzilla.redhat.com/show_bug.cgi?id=667763
http://www.nessus.org/u?502cf53c

Solution :

Update the affected subversion package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Fedora Local Security Checks

Nessus Plugin ID: 51565 ()

Bugtraq ID: 45655

CVE ID: CVE-2010-4539
CVE-2010-4644