openSUSE Security Update : subversion (openSUSE-2015-289)
High Nessus Plugin ID 82635
SynopsisThe remote openSUSE host is missing a security update.
DescriptionApache Subversion was updated to 1.8.13 to fix three vulnerabilities and a number of non-security bugs.
This release fixes three vulnerabilities :
- Subversion HTTP servers with FSFS repositories were vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. (bsc#923793 CVE-2015-0202)
- Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. (bsc#923794 CVE-2015-0248)
- Subversion HTTP servers allow spoofing svn:author property values for new revisions (bsc#923795 CVE-2015-0251)
Non-security fixes :
- fixes number of client and server side non-security bugs
- improved working copy performance
- reduction of resource use
- stability improvements
- usability improvements
- fix sample configuration comments in subversion.conf [boo#916286]
- fix bashisms in mailer-init.sh script
SolutionUpdate the affected subversion packages.