openSUSE Security Update : subversion (openSUSE-2016-1435)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for subversion fixes the following issues :

- Version update to 1.9.5 :

- Unrestricted XML entity expansion in mod_dontdothat and
Subversion clients using http(s):// (boo#1011552,

- Client-side bugfixes :

- fix accessing non-existent paths during reintegrate
merge (r1766699 et al)

- fix handling of newly secured subdirectories in working
copy (r1724448)

- info: remove trailing whitespace in --show-item=revision
(issue #4660)

- fix recording wrong revisions for tree conflicts

- gpg-agent: improve discovery of gpg-agent sockets

- gpg-agent: fix file descriptor leak (r1766323)

- resolve: fix --accept=mine-full for binary files (issue

- merge: fix possible crash (issue #4652)

- resolve: fix possible crash (r1748514)

- fix potential crash in Win32 crash reporter (r1663253 et

- Server-side bugfixes :

- fsfs: fix 'offset too large' error during pack (issue

- svnserve: enable hook script environments (r1769152)

- fsfs: fix possible data reconstruction error (issue

- fix source of spurious 'incoming edit' tree conflicts

- fsfs: improve caching for large directories (r1721285)

- fsfs: fix crash when encountering all-zero checksums

- fsfs: fix potential source of repository corruptions

- mod_dav_svn: fix excessive memory usage with
mod_headers/mod_deflate (issue #3084)

- mod_dav_svn: reduce memory usage during GET requests
(r1757529 et al)

- fsfs: fix unexpected 'database is locked' errors
(r1741096 et al)

- fsfs: fix opening old repositories without db/format
files (r1720015)

- Client-side and server-side bugfixes :

- fix possible crash when reading invalid configuration
files (r1715777)

- Bindings bugfixes :

- swig-pl: do not corrupt '{DATE}' revision variable

- javahl: fix temporary accepting SSL server certificates

- swig-pl: fix possible stack corruption (r1683266,

See also :

Solution :

Update the affected subversion packages.

Risk factor :


Family: SuSE Local Security Checks

Nessus Plugin ID: 95707 ()

Bugtraq ID:

CVE ID: CVE-2016-8734

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now