Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Fedora 23 Subversion Security Advisory: Integer Overflow Fixes

fedora
Calendar Grey December 22, 2015
Dist Fedora Esm H88
Fedora's repository revision rectifies client and server functionalities, boosting version oversight. Key corrections incorporated.
This update includes the latest stable release of _Apache Subversion_, version **1.9.3**

Summary

Subversion is a concurrent version control system which enables one

or more users to collaborate in developing and maintaining a

hierarchy of files and directories while keeping a history of all

changes. Subversion only stores the differences between versions,

instead of every complete file. Subversion is intended to be a

compelling replacement for CVS.

Update Information:

This update includes the latest stable release of _Apache Subversion_, version **1.9.3**. ### User-visible changes: #### Client-side bugfixes: * svn: fix possible crash in auth credentials cache * cleanup: avoid unneeded memory growth during pristine cleanup * diff: fix crash when repository is on server root * fix translations for commit notifications * ra_serf: fix crash in multistatus parser * svn: report lock/unlock errors as failures * svn: cleanup user deleted external registrations * svn: allow simple resolving of binary file text conflicts * svnlook: properly remove tempfiles on diff errors * ra_serf: report built- and run-time versions of libserf * ra_serf: set Content- Type header in outgoing requests * svn: fix merging deletes of svn:eol-style CRLF/CR files * ra_local: disable zero-copy code path #### Server-side bugfixes: * mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm ( [issue 4602]()) * mod_dav_svn: fix display of process ID in cache statistic...

Change Log

References


[ 1 ] Bug #1289959 - CVE-2015-5343 subversion: (mod_dav_svn) integer overflow when parsing skel-encoded request bodies https://bugzilla.redhat.com/show_bug.cgi?id=1289959 [ 2 ] Bug #1289958 - CVE-2015-5259 subversion: integer overflow in the svn:// protocol parser https://bugzilla.redhat.com/show_bug.cgi?id=1289958

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update subversion' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: subversion
Product: Fedora 23
Version: 1.9.3
Release: 1.fc23
Summary: A Modern Concurrent Version Control System

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here