
Fedora 26: 2017-704c201dbb Moderate: Subversion Memory Collision Attack

July 25, 2017
Fedora has released an update for Apache Subversion that fixes memory-usage and stability bugs and makes repositories resilient to hash collision attacks.

Summary

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS.

This update includes the latest stable release of _Apache Subversion_, version **1.9.6**.

### User-visible changes:

#### Client-side bugfixes:

* cp/mv: improve error message when target is an unversioned dir
* merge: reduce memory usage with large amounts of mergeinfo ([issue 4667]())

#### Server-side bugfixes:

* 'svnadmin freeze': document the purpose more clearly
* dump: fix segfault when a revision has no revprops
* fsfs: improve error message upon failure to open rep-cache
* fsfs: never attempt to share directory representations
* fsfs: make consistency independent of hash algorithms

  This change makes Subversion resilient to collision attacks, including SHA-1 collision attacks such as See also our documentation at https://subversion.apache.org/faq#shattered-sha1 and https://subversion.apache.org/docs/release-notes/1.9#shattered-sha1.

#### Client-side and server-side bugfixes:

* work around an APR bug related to file truncation

#### Bindings bugfixes:

* javahl: follow redirects when opening a connection
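
A simplified model of the failure behind the "consistency independent of hash algorithms" change, added here as an illustration and not taken from Subversion's code or from the advisory: a store that shares representations by digest alone returns the wrong content when two different inputs collide, while one that also compares the bytes keeps both. The 8-bit `weak_digest`, the class and function names, and the sample inputs are all constructed for this example.

```python
import hashlib

def weak_digest(data: bytes) -> str:
    # Constructed stand-in for a broken hash: SHA-1 cut to 8 bits so a
    # collision can be found offline in at most 257 tries.
    return hashlib.sha1(data).hexdigest()[:2]

def find_collision(digest=weak_digest):
    # Returns two different inputs with the same digest (constructed data).
    seen = {}
    for i in range(1000):
        data = b"rev-content-%d" % i
        other = seen.setdefault(digest(data), data)
        if other != data:
            return other, data
    raise RuntimeError("no collision found")

class DigestOnlyStore:
    """Shares a stored representation whenever the digest matches."""
    def __init__(self, digest=weak_digest):
        self.digest, self.reps = digest, {}

    def put(self, data: bytes) -> str:
        key = self.digest(data)
        self.reps.setdefault(key, data)   # colliding input is silently dropped
        return key

    def get(self, key: str) -> bytes:
        return self.reps[key]

class VerifyingStore(DigestOnlyStore):
    """Shares only when the stored bytes are identical to the new ones."""
    def put(self, data: bytes) -> str:
        base, n = self.digest(data), 0
        while True:
            key = f"{base}-{n}"
            if self.reps.setdefault(key, data) == data:
                return key                # new slot, or a true duplicate
            n += 1                        # same digest, different bytes

def roundtrip(store, first: bytes, second: bytes):
    # Store both inputs, then read each back through the key it was given.
    k1, k2 = store.put(first), store.put(second)
    return store.get(k1), store.get(k2)

if __name__ == "__main__":
    a, b = find_collision()
    print("digest only:", roundtrip(DigestOnlyStore(), a, b))
    print("verifying:  ", roundtrip(VerifyingStore(), a, b))
```

With the digest-only store the second input reads back as the first one, which is the kind of silent content substitution a collision-resistant design has to rule out regardless of which hash is in use.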

[ 1 ] Bug #1429939 - subversion: SHA-1 collision causes repository breakage [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1429939

[ 2 ] Bug #1467890 - subversion-1.9.6 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1467890

[ 3 ] Bug #1469158 - subversion-javahl libraries are missing

https://bugzilla.redhat.com/show_bug.cgi?id=1469158

To install this update, run su -c 'dnf upgrade subversion' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/


Severity: important

Product: Fedora 26
Version: 1.9.6
Release: 2.fc26
Summary: A Modern Concurrent Version Control System
