Fedora 23 : subversion-1.9.3-1.fc23 (2015-afdb0e8aaa)

high Nessus Plugin ID 89372

Synopsis

The remote Fedora host is missing a security update.

Description

This update includes the latest stable release of _Apache Subversion_, version **1.9.3**. ### User-visible changes: #### Client-side bugfixes: * svn: fix possible crash in auth credentials cache * cleanup: avoid unneeded memory growth during pristine cleanup * diff:
fix crash when repository is on server root * fix translations for commit notifications * ra_serf: fix crash in multistatus parser * svn:
report lock/unlock errors as failures * svn: cleanup user deleted external registrations * svn: allow simple resolving of binary file text conflicts * svnlook: properly remove tempfiles on diff errors * ra_serf: report built- and run-time versions of libserf * ra_serf: set Content- Type header in outgoing requests * svn: fix merging deletes of svn:eol-style CRLF/CR files * ra_local: disable zero-copy code path #### Server-side bugfixes: * mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm ( [issue 4602](http://subversion.tigris.org/issues/show_bug.cgi?id=4602)) * mod_dav_svn: fix display of process ID in cache statistics * mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests * svnadmin dump: preserve no-op changes * fsfs: avoid unneeded I/O when opening transactions #### Bindings bugfixes: * javahl: fix ABI incompatibility with 1.8 * javahl: allow non- absolute paths in SVNClient.vacuum ### Developer-visible changes: #### General :

- fix patch filter invocation in svn_client_patch() * add \@since information to config defines * fix running the tests in compatibility mode * clarify documentation of svn_fs_node_created_rev() #### API changes: * fix overflow detection in svn_stringbuf_remove and _replace
* don't ignore some of the parameters to svn_ra_svn_create_conn3

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected subversion package.

See Also

http://subversion.tigris.org/issues/show_bug.cgi?id=4602

https://bugzilla.redhat.com/show_bug.cgi?id=1289958

https://bugzilla.redhat.com/show_bug.cgi?id=1289959

http://www.nessus.org/u?d2163ff8

Plugin Details

Severity: High

ID: 89372

File Name: fedora_2015-afdb0e8aaa.nasl

Version: 1.4

Type: local

Agent: unix

Published: 3/4/2016

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: High

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C

CVSS v3

Risk Factor: High

Base Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:subversion, cpe:/o:fedoraproject:fedora:23

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 12/22/2015

Reference Information

CVE: CVE-2015-5259, CVE-2015-5343