Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 30: FEDORA-2019-f6bc68e455 Critical: Subversion DoS Issues

fedora
Calendar Grey August 5, 2019
Dist Fedora Esm H88
The latest release of Apache Subversion 1.12.2 addresses two critical vulnerabilities in Fedora 30. It is recommended to perform the update promptly to enhance security.
This update includes the latest stable release of _Apache Subversion_, version **1.12.2**

Summary

Subversion is a concurrent version control system which enables one

or more users to collaborate in developing and maintaining a

hierarchy of files and directories while keeping a history of all

changes. Subversion only stores the differences between versions,

instead of every complete file. Subversion is intended to be a

compelling replacement for CVS.

This update includes the latest stable release of _Apache Subversion_, version

**1.12.2**. This update addresses two security vulnerabilities in **svnserve**,

`CVE-2018-11782` and `CVE-2019-0203`. For more information, see:

https://subversion.apache.org/security/CVE-2018-11782-advisory.txt

https://subversion.apache.org/security/CVE-2019-0203-advisory.txt ## User-visible changes: * Fix conflict resolver bug: local and incoming edits swapped.

* Fix memory lifetime problem in a libsvn_wc error code path.

* Thu Jul 25 2019 Joe Orton - 1.12.2-1

- update to 1.12.2

* Sat Jun 1 2019 Jitka Plesnikova - 1.12.0-2

- Perl 5.30 rebuild

* Wed May 1 2019 Joe Orton - 1.12.0-1

- update to 1.12.0 (#1702471)

* Wed Apr 17 2019 Joe Orton - 1.11.1-5

- fix build with APR 1.7.0 (upstream r1857391)

[ 1 ] Bug #1735579 - CVE-2019-0203 subversion: remote unauthenticated denial-of-service in subversion svnserve [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1735579

[ 2 ] Bug #1735578 - CVE-2018-11782 subversion: remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev' [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1735578

su -c 'dnf upgrade --advisory FEDORA-2019-f6bc68e455' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory security issue subversion Fedora DoS version control svnserve

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 30
Version: 1.12.2
Release: 1.fc30
URL: https://subversion.apache.org/
Summary: A Modern Concurrent Version Control System

Topics%20covered

Topics Covered

security advisory security issue subversion Fedora DoS version control svnserve

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here