Fedora 22 : subversion-1.8.15-1.fc22 (2015-6efa349a85)

high Nessus Plugin ID 89276


The remote Fedora host is missing a security update.


This update includes the latest stable release of _Apache Subversion 1.8_, version **1.8.15**. This update fixes two security issues:

* **CVE-2015-3184**: Subversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. http://subversion.apache.org/security/CVE-2015-3184-advisory.txt
* **CVE-2015-3187**: Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by path-based authz. http://subversion.apache.org/security/CVE-2015-3187-advisory.txt

### User-visible changes:

#### Client-side bugfixes:

* gpg-agent: fix crash with non-canonical $HOME
* document svn:autoprops
* cp: fix 'svn cp ^/A/D/H at 1 ^/A' to properly create A
* resolve: improve conflict prompts for binary files
* ls: improve performance of '-v' on tag directories
* improved Sqlite 3.8.9 query performance regression on externals
* fixed [issue 4580](http://subversion.tigris.org/issues/show_bug.cgi?id=4580): 'svn -v st' on file externals reports '?' instead of user and revision after 'svn up'

#### Client-side and server-side bugfixes:

* fix a segfault with old style text delta

#### Server-side bugfixes:

* fsfs: reduce memory allocation with Apache
* mod_dav_svn: emit first log items as soon as possible
* mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests
* mod_dav_svn: do not ignore skel parsing errors
* detect invalid svndiff data earlier
* prevent possible repository corruption on power/disk failures
* fixed [issue 4577](http://subversion.tigris.org/issues/show_bug.cgi?id=4577): Read error with nodes whose DELTA chain starts with a PLAIN rep
* fixed [issue 4531](http://subversion.tigris.org/issues/show_bug.cgi?id=4531): server-side copy (over dav) is slow and uses too much memory

#### Bindings bugfixes:

* swig: fix memory corruption in svn_client_copy_source_t

### Developer-visible changes:

#### General:

* avoid failing some tests on versions of Python with a very old sqlite
* fix Ruby tests so they don't use the user's real configuration

#### Bindings:

* swig-pl: fix some stack memory problems

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected subversion package.

Plugin Details

Severity: High

ID: 89276

File Name: fedora_2015-6efa349a85.nasl

Version: 2.4

Type: local

Agent: unix

Published: 3/4/2016

Updated: 1/11/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Medium

Score: 4.7


Risk Factor: High

Base Score: 9

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C


Risk Factor: High

Base Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:subversion, cpe:/o:fedoraproject:fedora:22

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2/29/2016

Reference Information

CVE: CVE-2015-3184, CVE-2015-5259, CVE-2015-5343