New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 3.6
Synopsis
The remote openSUSE host is missing a security update.
Description
Apache Subversion was updated to 1.8.13 to fix three vulnerabilities and a number of non-security bugs.
This release fixes three vulnerabilities :
- Subversion HTTP servers with FSFS repositories were vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. (bsc#923793 CVE-2015-0202)
- Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. (bsc#923794 CVE-2015-0248)
- Subversion HTTP servers allow spoofing svn:author property values for new revisions (bsc#923795 CVE-2015-0251)
Non-security fixes :
- fixes number of client and server side non-security bugs
- improved working copy performance
- reduction of resource use
- stability improvements
- usability improvements
- fix sample configuration comments in subversion.conf [boo#916286]
- fix bashisms in mailer-init.sh script
Solution
Update the affected subversion packages.