openSUSE Security Update : subversion (openSUSE-2017-940)
High Nessus Plugin ID 102559
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for subversion to 1.9.7 fixes security issues and bugs.
The following vulnerabilities were fixed :
- CVE-2017-9800: A remote attacker could have caused svn clients to execute arbitrary code via specially crafted URLs in svn:externals and svn:sync-from-url properties.
- CVE-2005-4900: SHA-1 collisions may cause repository inconsistencies (boo#1026936)
The following bugfix changes are included :
- Add instructions for running svnserve as a user different from 'svn', and remove sysconfig variables that are no longer effective with the systemd unit.
SolutionUpdate the affected subversion packages.