Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora 21: 2015-11795 Moderate: DoS Threat in Subversion Resolved

fedora
Calendar Grey July 29, 2015
Dist Fedora Esm H88
Fedora 21 Update Announcement for Apache Subversion featuring essential security enhancements and update specifics.
This update includes the latest stable release of **Apache Subversion**, version **1.8.13**

Summary

Subversion is a concurrent version control system which enables one

or more users to collaborate in developing and maintaining a

hierarchy of files and directories while keeping a history of all

changes. Subversion only stores the differences between versions,

instead of every complete file. Subversion is intended to be a

compelling replacement for CVS.

Update Information:

This update includes the latest stable release of **Apache Subversion**, version **1.8.13**.

Three security vulnerabilities are fixed in this update:

* CVE-2015-0202: https://subversion.apache.org/security/CVE-2015-0202-advisory.txt * CVE-2015-0248: https://subversion.apache.org/security/CVE-2015-0248-advisory.txt * CVE-2015-0251: https://subversion.apache.org/security/CVE-2015-0251-advisory.txt

In addition, the following changes are included in the Subversion 1.8.13 update:

**Client-side bugfixes:** * ra_serf: prevent abort of commits that have already succeeded * ra_serf: support case-insensitivity in HTTP headers * better error message if an external is shadowed * ra_svn: fix reporting of directory read errors * fix a redirect handling bug in 'svn log' over HTTP * properly copy tree conflict information * fix 'svn patch' output for reordered hunks * svnrdump load: don't load wrong props with no-deltas dump * fix working copy corruption with relative file exte...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory subversion Fedora update information remote denial of service

Change Log

* Tue Jul 14 2015 Joe Orton - 1.8.13-7 - move svnauthz to -tools; make svnauthz-validate a symlink - move svnmucc man page to -tools - restore dep on systemd (#1183873) * Tue Jul 14 2015 Joe Orton - 1.8.13-6 - rebuild with tests enabled * Tue Jul 14 2015 Joe Orton - 1.8.13-5 - rebuild with SWIG 3.0.6 (#1216264) * Mon Jun 15 2015 Ville Skyttä - 1.8.13-4 - Own bash-completion dirs not owned by anything in dep chain * Tue Apr 21 2015 Peter Robinson 1.8.13-2 - Disable tests to fix swig test issues * Wed Apr 8 2015 - 1.8.13-1 - Fix Ruby's test suite. * Tue Apr 7 2015 Joe Orton - 1.8.13-1 - update to 1.8.13 (#1207835) - attempt to patch around SWIG issues * Tue Dec 16 2014 Joe Orton - 1.8.11-1 - update to 1.8.11 (#1174521) - require newer libserf (#1155670)

References


[ 1 ] Bug #1205138 - CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers https://bugzilla.redhat.com/show_bug.cgi?id=1205138 [ 2 ] Bug #1205134 - CVE-2015-0202 subversion: (mod_dav_svn) remote denial of service with certain REPORT requests https://bugzilla.redhat.com/show_bug.cgi?id=1205134 [ 3 ] Bug #1205140 - CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions https://bugzilla.redhat.com/show_bug.cgi?id=1205140

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update subversion' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: subversion
Product: Fedora 21
Version: 1.8.13
Release: 7.fc21
URL: https://subversion.apache.org/
Summary: A Modern Concurrent Version Control System

Topics%20covered

Topics Covered

security advisory subversion Fedora update information remote denial of service

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here