openSUSE Security Update : subversion (openSUSE-SU-2014:0307-1)

Medium Nessus Plugin ID 75270


The remote openSUSE host is missing a security update.


Apache Subversion was updated to version 1.8.8 :

It fix a remotely triggerable segfault in mod_dav_svn when svn is handling the server root and SVNListParentPath is on [bnc#862459] CVE-2014-0032

- Client-side bugfixes :

- fix automatic relocate for wcs not at repository root

- wc: improve performance when used with SQLite 3.8

- copy: fix some scenarios that broke the working copy

- move: fix errors when moving files between an external and the parent working copy

- log: resolve performance regression in certain scenarios

- merge: decrease work to detect differences between 3 files

- commit: don't change file permissions inappropriately

- commit: fix assertion due to invalid pool lifetime

- version: don't cut off the distribution version on Linux

- flush stdout before exiting to avoid information being lost

- status: fix missing sentinel value on warning codes

- update/switch: improve some WC db queries that may return incorrect results depending on how SQLite is built

- Server-side bugfixes :

- reduce memory usage during checkout and export

- fsfs: create rep-cache.db with proper permissions

- mod_dav_svn: prevent crashes with SVNListParentPath on [bnc#862459] CVE-2014-0032

- mod_dav_svn: fix SVNAllowBulkUpdates directive merging

- mod_dav_svn: include requested property changes in reports

- svnserve: correct default cache size in help text

- svnadmin dump: reduce size of dump files with '--deltas'

- resolve integer underflow that resulted in infinite loops

- developer visible changes :

- fix ocassional failure of 12

- fix failure with SQLite 3.8.1-3.8.3 when built with SQLITE_ENABLE_STAT3/4 due to bug in SQLite

- specify SQLite defaults that can be changed when SQLite is built to avoid unexpected behavior with Subversion

- numerous documentation fixes

- svn_client_commit_item3_dup() fix pool lifetime issues

- ra_serf: properly ask multiple certificate validation providers for acceptance of certificate failures

- release internal fs objects when closing commit editor

- svn_client_proplist4() don't call the callback multiple times for the same path in order to deliver inherited properties

- Bindings :

- swig-pl: fix with --enable-sqlite-compatibility-version

- swig: fix building from tarball with an out-of-tree build

- removed patches :

- subversion-1.8.x-fix-ppc-tests.patch, committed upstream

- packaging changes :

- only require and build with junit when building with java and running regression tests

- 1.8.6 and 1.8.7 were not released


Update the affected subversion packages.

See Also

Plugin Details

Severity: Medium

ID: 75270

File Name: openSUSE-2014-173.nasl

Version: $Revision: 1.1 $

Type: local

Agent: unix

Published: 2014/06/13

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0, p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0-debuginfo, p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0, p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0-debuginfo, p-cpe:/a:novell:opensuse:subversion, p-cpe:/a:novell:opensuse:subversion-bash-completion, p-cpe:/a:novell:opensuse:subversion-debuginfo, p-cpe:/a:novell:opensuse:subversion-debugsource, p-cpe:/a:novell:opensuse:subversion-devel, p-cpe:/a:novell:opensuse:subversion-perl, p-cpe:/a:novell:opensuse:subversion-perl-debuginfo, p-cpe:/a:novell:opensuse:subversion-python, p-cpe:/a:novell:opensuse:subversion-python-debuginfo, p-cpe:/a:novell:opensuse:subversion-ruby, p-cpe:/a:novell:opensuse:subversion-ruby-debuginfo, p-cpe:/a:novell:opensuse:subversion-server, p-cpe:/a:novell:opensuse:subversion-server-debuginfo, p-cpe:/a:novell:opensuse:subversion-tools, p-cpe:/a:novell:opensuse:subversion-tools-debuginfo, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2014/02/22

Reference Information

CVE: CVE-2014-0032