openSUSE Security Update : subversion (openSUSE-SU-2014:0307-1)

medium Nessus Plugin ID 75270

Synopsis

The remote openSUSE host is missing a security update.

Description

Apache Subversion was updated to version 1.8.8 :

This update fixes a remotely triggerable segfault in mod_dav_svn when svn is handling the server root and SVNListParentPath is on [bnc#862459] (CVE-2014-0032)

- Client-side bugfixes :

- fix automatic relocate for wcs not at repository root

- wc: improve performance when used with SQLite 3.8

- copy: fix some scenarios that broke the working copy

- move: fix errors when moving files between an external and the parent working copy

- log: resolve performance regression in certain scenarios

- merge: decrease work to detect differences between 3 files

- commit: don't change file permissions inappropriately

- commit: fix assertion due to invalid pool lifetime

- version: don't cut off the distribution version on Linux

- flush stdout before exiting to avoid information being lost

- status: fix missing sentinel value on warning codes

- update/switch: improve some WC db queries that may return incorrect results depending on how SQLite is built

- Server-side bugfixes :

- reduce memory usage during checkout and export

- fsfs: create rep-cache.db with proper permissions

- mod_dav_svn: prevent crashes with SVNListParentPath on [bnc#862459] CVE-2014-0032

- mod_dav_svn: fix SVNAllowBulkUpdates directive merging

- mod_dav_svn: include requested property changes in reports

- svnserve: correct default cache size in help text

- svnadmin dump: reduce size of dump files with '--deltas'

- resolve integer underflow that resulted in infinite loops

- developer visible changes :

- fix occasional failure of check_tests.py 12

- fix failure with SQLite 3.8.1-3.8.3 when built with SQLITE_ENABLE_STAT3/4 due to bug in SQLite

- specify SQLite defaults that can be changed when SQLite is built to avoid unexpected behavior with Subversion

- numerous documentation fixes

- svn_client_commit_item3_dup() fix pool lifetime issues

- ra_serf: properly ask multiple certificate validation providers for acceptance of certificate failures

- release internal fs objects when closing commit editor

- svn_client_proplist4() don't call the callback multiple times for the same path in order to deliver inherited properties

- Bindings :

- swig-pl: fix with --enable-sqlite-compatibility-version

- swig: fix building from tarball with an out-of-tree build

- removed patches :

- subversion-1.8.x-fix-ppc-tests.patch, committed upstream

- packaging changes :

- only require and build with junit when building with java and running regression tests

- 1.8.6 and 1.8.7 were not released

Solution

Update the affected subversion packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=862459

https://lists.opensuse.org/opensuse-updates/2014-02/msg00086.html

Plugin Details

Severity: Medium

ID: 75270

File Name: openSUSE-2014-173.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0, p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0-debuginfo, p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0, p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0-debuginfo, p-cpe:/a:novell:opensuse:subversion, p-cpe:/a:novell:opensuse:subversion-bash-completion, p-cpe:/a:novell:opensuse:subversion-debuginfo, p-cpe:/a:novell:opensuse:subversion-debugsource, p-cpe:/a:novell:opensuse:subversion-devel, p-cpe:/a:novell:opensuse:subversion-perl, p-cpe:/a:novell:opensuse:subversion-perl-debuginfo, p-cpe:/a:novell:opensuse:subversion-python, p-cpe:/a:novell:opensuse:subversion-python-debuginfo, p-cpe:/a:novell:opensuse:subversion-ruby, p-cpe:/a:novell:opensuse:subversion-ruby-debuginfo, p-cpe:/a:novell:opensuse:subversion-server, p-cpe:/a:novell:opensuse:subversion-server-debuginfo, p-cpe:/a:novell:opensuse:subversion-tools, p-cpe:/a:novell:opensuse:subversion-tools-debuginfo, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2/22/2014

Reference Information

CVE: CVE-2014-0032