openSUSE Security Update : subversion (openSUSE-SU-2014:0307-1)

medium Nessus Plugin ID 75270

Synopsis

The remote openSUSE host is missing a security update.

Description

Apache Subversion was updated to version 1.8.8 :

This fixes a remotely triggerable segfault in mod_dav_svn that occurs when svn is handling the server root and SVNListParentPath is on [bnc#862459] CVE-2014-0032

- Client-side bugfixes :

- fix automatic relocate for wcs not at repository root

- wc: improve performance when used with SQLite 3.8

- copy: fix some scenarios that broke the working copy

- move: fix errors when moving files between an external and the parent working copy

- log: resolve performance regression in certain scenarios

- merge: decrease work to detect differences between 3 files

- commit: don't change file permissions inappropriately

- commit: fix assertion due to invalid pool lifetime

- version: don't cut off the distribution version on Linux

- flush stdout before exiting to avoid information being lost

- status: fix missing sentinel value on warning codes

- update/switch: improve some WC db queries that may return incorrect results depending on how SQLite is built

- Server-side bugfixes :

- reduce memory usage during checkout and export

- fsfs: create rep-cache.db with proper permissions

- mod_dav_svn: prevent crashes with SVNListParentPath on [bnc#862459] CVE-2014-0032

- mod_dav_svn: fix SVNAllowBulkUpdates directive merging

- mod_dav_svn: include requested property changes in reports

- svnserve: correct default cache size in help text

- svnadmin dump: reduce size of dump files with '--deltas'

- resolve integer underflow that resulted in infinite loops

- developer visible changes :

- fix occasional failure of check_tests.py 12

- fix failure with SQLite 3.8.1-3.8.3 when built with SQLITE_ENABLE_STAT3/4 due to bug in SQLite

- specify SQLite defaults that can be changed when SQLite is built to avoid unexpected behavior with Subversion

- numerous documentation fixes

- svn_client_commit_item3_dup() fix pool lifetime issues

- ra_serf: properly ask multiple certificate validation providers for acceptance of certificate failures

- release internal fs objects when closing commit editor

- svn_client_proplist4() don't call the callback multiple times for the same path in order to deliver inherited properties

- Bindings :

- swig-pl: fix with --enable-sqlite-compatibility-version

- swig: fix building from tarball with an out-of-tree build

- removed patches :

- subversion-1.8.x-fix-ppc-tests.patch, committed upstream

- packaging changes :

- only require and build with junit when building with java and running regression tests

- 1.8.6 and 1.8.7 were not released

Solution

Update the affected subversion packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=862459

https://lists.opensuse.org/opensuse-updates/2014-02/msg00086.html

Plugin Details

Severity: Medium

ID: 75270

File Name: openSUSE-2014-173.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0, p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0-debuginfo, p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0, p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0-debuginfo, p-cpe:/a:novell:opensuse:subversion, p-cpe:/a:novell:opensuse:subversion-bash-completion, p-cpe:/a:novell:opensuse:subversion-debuginfo, p-cpe:/a:novell:opensuse:subversion-debugsource, p-cpe:/a:novell:opensuse:subversion-devel, p-cpe:/a:novell:opensuse:subversion-perl, p-cpe:/a:novell:opensuse:subversion-perl-debuginfo, p-cpe:/a:novell:opensuse:subversion-python, p-cpe:/a:novell:opensuse:subversion-python-debuginfo, p-cpe:/a:novell:opensuse:subversion-ruby, p-cpe:/a:novell:opensuse:subversion-ruby-debuginfo, p-cpe:/a:novell:opensuse:subversion-server, p-cpe:/a:novell:opensuse:subversion-server-debuginfo, p-cpe:/a:novell:opensuse:subversion-tools, p-cpe:/a:novell:opensuse:subversion-tools-debuginfo, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2/22/2014

Reference Information

CVE: CVE-2014-0032