openSUSE Security Update : subversion (openSUSE-SU-2013:1006-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update of subversion includes several bug and security fixes.

- update to 1.7.10 [bnc#821505] CVE-2013-1968
CVE-2013-2088 CVE-2013-2112

- Client-side bugfixes :

- fix 'svn revert' 'no such table: revert_list' spurious
error

- fix 'svn diff' doesn't show some locally added files

- fix changelist filtering when --changelist values aren't
UTF8

- fix 'svn diff --git' shows wrong copyfrom

- fix 'svn diff -x-w' shows wrong changes

- fix 'svn blame' sometimes shows every line as modified

- fix regression in 'svn status -u' output for externals

- fix file permissions change on commit of file with
keywords

- improve some fatal error messages

- fix externals not removed when working copy is made
shallow

- Server-side bugfixes :

- fix repository corruption due to newline in filename

- fix svnserve exiting when a client connection is aborted

- fix svnserve memory use after clear

- fix repository corruption on power/disk failure on
Windows

- Developer visible changes :

- make get-deps.sh compatible with Solaris /bin/sh

- fix infinite recursion bug in get-deps.sh

- fix uninitialised output parameter of
svn_fs_commit_txn()

- Bindings :

- fix JavaHL thread-safety bug

See also :

http://lists.opensuse.org/opensuse-updates/2013-06/msg00136.html
https://bugzilla.novell.com/show_bug.cgi?id=821505

Solution :

Update the affected subversion packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 75035 ()

Bugtraq ID: 60264
60265
60267

CVE ID: CVE-2013-1968
CVE-2013-2088
CVE-2013-2112

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now