--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-11795
2015-07-17 23:30:43
--------------------------------------------------------------------------------

Name        : subversion
Product     : Fedora 21
Version     : 1.8.13
Release     : 7.fc21
URL         : https://subversion.apache.org/
Summary     : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes.  Subversion only stores the differences between versions,
instead of every complete file.  Subversion is intended to be a
compelling replacement for CVS.

--------------------------------------------------------------------------------
Update Information:

This update includes the latest stable release of **Apache Subversion**, version **1.8.13**.

Three security vulnerabilities are fixed in this update:

* CVE-2015-0202: https://subversion.apache.org/security/CVE-2015-0202-advisory.txt
* CVE-2015-0248: https://subversion.apache.org/security/CVE-2015-0248-advisory.txt
* CVE-2015-0251: https://subversion.apache.org/security/CVE-2015-0251-advisory.txt

In addition, the following changes are included in the Subversion 1.8.13 update:

**Client-side bugfixes:**
* ra_serf: prevent abort of commits that have already succeeded 
* ra_serf: support case-insensitivity in HTTP headers 
* better error message if an external is shadowed 
* ra_svn: fix reporting of directory read errors 
* fix a redirect handling bug in 'svn log' over HTTP 
* properly copy tree conflict information 
* fix 'svn patch' output for reordered hunks 
* svnrdump load: don't load wrong props with no-deltas dump 
* fix working copy corruption with relative file external 
* don't crash if config file is unreadable 
* svn resolve: don't ask a question with only one answer 
* fix assertion failure in svn move 
* working copy performance improvements 
* handle existing working copies which become externals 
* fix recording of WC meta-data for foreign repos copies 
* fix calculating repository path of replaced directories 
* fix calculating repository path after commit of switched nodes 
* svnrdump: don't provide HEAD+1 as base revision for deletes 
* don't leave conflict markers on files that are moved 
* avoid unnecessary subtree mergeinfo recording 
* fix diff of a locally copied directory with props

**Server-side bugfixes:**
* fsfs: fix a problem verifying pre-1.4 repos used with 1.8 
* svnadmin freeze: fix memory allocation error 
* svnadmin load: tolerate invalid mergeinfo at r0
* svnadmin load: strip references to r1 from mergeinfo 
* svnsync: strip any r0 references from mergeinfo 
* fsfs: reduce memory consumption when operating on dag nodes 
* reject invalid get-location-segments requests in mod_dav_svn and svnserve 
* mod_dav_svn: reject invalid txnprop change requests 

**Client-side and server-side bugfixes:**
* fix undefined behaviour in string buffer routines 
* fix consistency issues with APR r/w locks on Windows 
* fix occasional SEGV if threads load DSOs in parallel 
* properly duplicate svn error objects 
* fix use-after-free in config parser

--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 14 2015 Joe Orton  - 1.8.13-7
- move svnauthz to -tools; make svnauthz-validate a symlink
- move svnmucc man page to -tools
- restore dep on systemd (#1183873)
* Tue Jul 14 2015 Joe Orton  - 1.8.13-6
- rebuild with tests enabled
* Tue Jul 14 2015 Joe Orton  - 1.8.13-5
- rebuild with SWIG 3.0.6 (#1216264)
* Mon Jun 15 2015 Ville Skyttä  - 1.8.13-4
- Own bash-completion dirs not owned by anything in dep chain
* Tue Apr 21 2015 Peter Robinson  1.8.13-2
- Disable tests to fix swig test issues
* Wed Apr  8 2015  - 1.8.13-1
- Fix Ruby's test suite.
* Tue Apr  7 2015 Joe Orton  - 1.8.13-1
- update to 1.8.13 (#1207835)
- attempt to patch around SWIG issues
* Tue Dec 16 2014 Joe Orton  - 1.8.11-1
- update to 1.8.11 (#1174521)
- require newer libserf (#1155670)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1205138 - CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers
        https://bugzilla.redhat.com/show_bug.cgi?id=1205138
  [ 2 ] Bug #1205134 - CVE-2015-0202 subversion: (mod_dav_svn) remote denial of service with certain REPORT requests
        https://bugzilla.redhat.com/show_bug.cgi?id=1205134
  [ 3 ] Bug #1205140 - CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions
        https://bugzilla.redhat.com/show_bug.cgi?id=1205140
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update subversion' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

Fedora 21: subversion Security Update

July 29, 2015