Fedora 12 : subversion-1.6.13-1.fc12.1 (2010-16115)

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

This update includes the latest stable release of Subversion, version
1.6.13.

Subversion servers up to 1.6.12 (inclusive) making use of the
'SVNPathAuthz short_circuit' mod_dav_svn configuration setting have a
bug which may allow users to write and/or read portions of the
repository to which they are not intended to have access. This issue
is fixed in this update.

See http://subversion.apache.org/security/CVE-2010-3315-advisory.txt
for further details

A number of bug fixes are also included :

- don't drop properties during foreign-repo merges

- improve auto-props failure error message

- improve error message for 403 status with ra_neon

- don't allow 'merge --reintegrate' for 2-url merges

- improve handling of missing fsfs.conf during hotcopy

- escape unsafe characters in a URL during export

- don't leak stale locks in FSFS

- better detect broken working copies during update over
ra_neon

- fsfs: make rev files read-only

- properly canonicalize a URL

- fix wc corruption with 'commit --depth=empty'

- permissions fixes when doing reintegrate merges

- fix mergeinfo miscalculation during 2-url merges

- fix error transmission problems in svnserve

- fixed: record-only merges create self-referential
mergeinfo

- make 'svnmucc propset' handle existing and
non-existing URLs

- add new 'propsetf' subcommand to svnmucc

- emit a warning about copied dirs during ci with
limited depth

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://subversion.apache.org/security/CVE-2010-3315-advisory.txt
https://bugzilla.redhat.com/show_bug.cgi?id=640317
http://www.nessus.org/u?071f0ef1

Solution :

Update the affected subversion package.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 50394 ()

Bugtraq ID: 43678

CVE ID: CVE-2010-3315

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now