Detections
Analytics

Fedora 25 : subversion (2017-b9e4c24094)

high Nessus Plugin ID 102276

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

This update includes the latest stable release of _Apache Subversion_, version **1.9.6**.

### User-visible changes: #### Client-side bugfixes :

 - cp/mv: improve error message when target is an unversioned dir

- merge: reduce memory usage with large amounts of mergeinfo ([issue 4667](https://issues.apache.org/jira/browse/SVN-4667)) #### Server-side bugfixes :

 - 'svnadmin freeze': document the purpose more clearly

- dump: fix segfault when a revision has no revprops

- fsfs: improve error message upon failure to open rep-cache

- fsfs: never attempt to share directory representations

- fsfs: make consistency independent of hash algorithms 	This change makes Subversion resilient to collision attacks, including 	SHA-1 collision attacks such as http://shattered.io/. See also our 	documentation at https://subversion.apache.org/faq#shattered-sha1 and https://subversion.apache.org/docs/release-notes/1.9#sha ttered-sha1. #### Client-side and server-side bugfixes :

 - work around an APR bug related to file truncation #### Bindings bugfixes :

 - javahl: follow redirects when opening a connection

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected subversion package.

See Also

http://shattered.io/

https://bodhi.fedoraproject.org/updates/FEDORA-2017-b9e4c24094

https://subversion.apache.org/faq#shattered-sha1

Plugin Details

Severity: High

ID: 102276

File Name: fedora_2017-b9e4c24094.nasl

Version: 3.4

Type: local

Agent: unix

Published: 8/9/2017

Updated: 1/6/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:subversion, cpe:/o:fedoraproject:fedora:25

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 8/7/2017

Vulnerability Publication Date: 8/7/2017

Reference Information