openSUSE Security Update : subversion (openSUSE-2015-948)
High Nessus Plugin ID 87623
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for subversion fixes the following issues :
- Apache Subversion 1.8.15 This release fixes one security issue: Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies.
- fix a segfault with old style text delta
- fsfs: reduce memory allocation with Apache
- mod_dav_svn: emit first log items as soon as possible
- mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests
- swig: fix memory corruption in svn_client_copy_source_t
- better configure-time detection of httpd authz fix (drop subversion-1.8.14-httpd-version-number-detection.patch, replace subversion-1.8.9-allow-httpd-2.4.6.patch with subversion-1.8.15-allow-httpd-2.4.6.patch as a result
SolutionUpdate the affected subversion packages.