openSUSE Security Update : fossil (openSUSE-2017-949)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for fossil to version 2.3 fixes the following issues :

- Potential XSS vulnerability on the /help webpage
(boo#1053267)

This update also contains all upstream improvements and fixes in
version 2.3 :

- Update internal Unicode character tables, used in
regular expression handling, from version 9.0 to 10.0.

- Show the last-sync-URL on the /urllist page

- Added the 'Event Summary' activity report

- Added the 'Security Audit' page, available to
administrators only

- Added the Last Login time to the user list page, for
administrators only

- Added the --numstat option to the fossil diff command

- Limit the size of the heap and stack on unix systems, as
a proactive defense against the Stack Clash attack

- Fix 'database locked' warnings caused by 'PRAGMA
optimize'

- Documentation updates

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1053267

Solution :

Update the affected fossil packages.

Risk factor :

Medium

Family: SuSE Local Security Checks

Nessus Plugin ID: 102565

Bugtraq ID:

CVE ID:
