openSUSE Security Update : subversion (openSUSE-2016-1435)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for subversion fixes the following issues :

- Version update to 1.9.5 :

- Unrestricted XML entity expansion in mod_dontdothat and
Subversion clients using http(s):// (boo#1011552,
CVE-2016-8734)

- Client-side bugfixes :

- fix accessing non-existent paths during reintegrate
merge (r1766699 et al)

- fix handling of newly secured subdirectories in working
copy (r1724448)

- info: remove trailing whitespace in --show-item=revision
(issue #4660)

- fix recording wrong revisions for tree conflicts
(r1734106)

- gpg-agent: improve discovery of gpg-agent sockets
(r1766327)

- gpg-agent: fix file descriptor leak (r1766323)

- resolve: fix --accept=mine-full for binary files (issue
#4647)

- merge: fix possible crash (issue #4652)

- resolve: fix possible crash (r1748514)

- fix potential crash in Win32 crash reporter (r1663253 et
al)

- Server-side bugfixes :

- fsfs: fix 'offset too large' error during pack (issue
#4657)

- svnserve: enable hook script environments (r1769152)

- fsfs: fix possible data reconstruction error (issue
#4658)

- fix source of spurious 'incoming edit' tree conflicts
(r1770108)

- fsfs: improve caching for large directories (r1721285)

- fsfs: fix crash when encountering all-zero checksums
(r1759686)

- fsfs: fix potential source of repository corruptions
(r1756266)

- mod_dav_svn: fix excessive memory usage with
mod_headers/mod_deflate (issue #3084)

- mod_dav_svn: reduce memory usage during GET requests
(r1757529 et al)

- fsfs: fix unexpected 'database is locked' errors
(r1741096 et al)

- fsfs: fix opening old repositories without db/format
files (r1720015)

- Client-side and server-side bugfixes :

- fix possible crash when reading invalid configuration
files (r1715777)

- Bindings bugfixes :

- swig-pl: do not corrupt '{DATE}' revision variable
(r1767768)

- javahl: fix temporary accepting SSL server certificates
(r1764851)

- swig-pl: fix possible stack corruption (r1683266,
r1683267)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1011552

Solution :

Update the affected subversion packages.

Risk factor :

Low

Family: SuSE Local Security Checks

Nessus Plugin ID: 95707

Bugtraq ID:

CVE ID: CVE-2016-8734
