Alerts This Week
Warning Icon 1 566
Alerts This Week
Warning Icon 1 566

Fedora 25 ViewVC Update: XSS Attack Prevention in Version 1.1.26

fedora
Calendar Grey February 9, 2017
Dist Fedora Esm H88
A vital update for Fedora 25 is here to fix a critical XSS vulnerability in viewvc version 1.1.26, ensuring your system's security against threats
Version 1.1.26 (released 24-Jan-2017) * security fix: escape nav_data name to avoid XSS attack Version 1.1.25 (released 15-Sep-2016) * fix _rev2optrev assertion on long input

Summary

ViewVC is a browser interface for CVS and Subversion version control

repositories. It generates templatized HTML to present navigable directory,

revision, and change log listings. It can display specific versions of files

as well as diffs between those versions. Basically, ViewVC provides the bulk

of the report-like functionality you expect out of your version control tool,

but much more prettily than the average textual command-line program output.

Update Information:

Version 1.1.26 (released 24-Jan-2017) * security fix: escape nav_data name to avoid XSS attack Version 1.1.25 (released 15-Sep-2016) * fix _rev2optrev assertion on long input

Topics%20covered

Topics Covered

security advisory fedora security fix update information XSS attack viewvc

Change Log

References

Fedora Update Notification FEDORA-2017-bd3c3c957f 2017-02-09 01:14:52.524823
Name : viewvc Product : Fedora 25 Version : 1.1.26 Release : 1.fc25 URL : https://www.viewvc.org/ Summary : Browser interface for CVS and SVN version control repositories Description : ViewVC is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings. It can display specific versions of files as well as diffs between those versions. Basically, ViewVC provides the bulk of the report-like functionality you expect out of your version control tool, but much more prettily than the average textual command-line program output.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade viewvc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: viewvc
Product: Fedora 25
Version: 1.1.26
Release: 1.fc25
URL: https://www.viewvc.org/
Summary: Browser interface for CVS and SVN version control repositories

Topics%20covered

Topics Covered

security advisory fedora security fix update information XSS attack viewvc

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here