
openSUSE Leap 42.3: 2017:2183-1 Important: Subversion RCE

August 17, 2017
The latest patch resolves an essential vulnerability in Git for Fedora, enhancing defense mechanisms against remote code execution risks.
An update that solves one vulnerability and has two fixes is now available.

Description

This update for subversion to 1.9.7 fixes security issues and bugs.

The following vulnerabilities were fixed:

- CVE-2017-9800: A remote attacker could have caused svn clients to execute arbitrary code via specially crafted URLs in svn:externals and svn:sync-from-url properties. (boo#1051362)

- CVE-2005-4900: SHA-1 collisions may cause repository inconsistencies (boo#1026936)

The following bugfix changes are included:

- Add instructions for running svnserve as a user different from "svn", and remove sysconfig variables that are no longer effective with the systemd unit. (boo#1049448)

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-940=1

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-940=1

To bring your system up-to-date, use "zypper patch".
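
To confirm the patch took effect, the following added example (not part of the original advisory) flags Subversion packages older than the fixed builds named in the package list of this advisory. The function names and the sample inventory are constructed for illustration, and `sort -V` is used as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example: audit installed Subversion packages against this advisory.

# Fixed version-release per Leap release, taken from the advisory's package list.
fixed_for_leap() {
  case "$1" in
    42.3) echo "1.9.7-8.1" ;;
    42.2) echo "1.9.7-5.3.1" ;;
    *) return 1 ;;
  esac
}

# version_ge A B: succeeds when A >= B (GNU sort -V, approximating rpm ordering).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# audit_subversion RELEASE: reads "name version-release" lines on stdin and
# prints one VULNERABLE line for each Subversion package below the fixed build.
audit_subversion() {
  fixed=$(fixed_for_leap "$1") || { echo "unknown release: $1" >&2; return 2; }
  while read -r name ver; do
    case "$name" in
      subversion|subversion-*|libsvn_*) ;;   # packages shipped by this update
      *) continue ;;                         # ignore everything else
    esac
    version_ge "$ver" "$fixed" || echo "VULNERABLE $name $ver (< $fixed)"
  done
}

# Constructed sample inventory (not real host data): a partially updated system.
SAMPLE='subversion 1.9.4-3.1
libsvn_auth_kwallet-1-0 1.9.7-8.1
subversion-tools 1.9.4-3.1
zypper 1.13.32-5.1'

printf '%s\n' "$SAMPLE" | audit_subversion 42.3

# On a real host, feed the function from the RPM database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit_subversion 42.3
```

No output from the function means every installed Subversion package is at or above the fixed build for that release.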

Package List

- openSUSE Leap 42.3 (i586 x86_64):

libsvn_auth_gnome_keyring-1-0-1.9.7-8.1

libsvn_auth_gnome_keyring-1-0-debuginfo-1.9.7-8.1

libsvn_auth_kwallet-1-0-1.9.7-8.1

libsvn_auth_kwallet-1-0-debuginfo-1.9.7-8.1

subversion-1.9.7-8.1

subversion-debuginfo-1.9.7-8.1

subversion-debugsource-1.9.7-8.1

subversion-devel-1.9.7-8.1

subversion-perl-1.9.7-8.1

subversion-perl-debuginfo-1.9.7-8.1

subversion-python-1.9.7-8.1

subversion-python-ctypes-1.9.7-8.1

subversion-python-debuginfo-1.9.7-8.1

subversion-ruby-1.9.7-8.1

subversion-ruby-debuginfo-1.9.7-8.1

subversion-server-1.9.7-8.1

subversion-server-debuginfo-1.9.7-8.1

subversion-tools-1.9.7-8.1

subversion-tools-debuginfo-1.9.7-8.1

- openSUSE Leap 42.3 (noarch):

subversion-bash-completion-1.9.7-8.1

- openSUSE Leap 42.2 (x86_64):

libsvn_auth_gnome_keyring-1-0-1.9.7-5.3.1

libsvn_auth_gnome_keyring-1-0-debuginfo-1.9.7-5.3.1

libsvn_auth_kwallet-1-0-1.9.7-5.3.1

libsvn_auth_kwallet-1-0-debuginfo-1.9.7-5.3.1

subversion-1.9.7-5.3.1

subversion-debuginfo-1.9.7-5.3.1

subversion-debugsource-1.9....


References

https://www.suse.com/security/cve/CVE-2017-9800.html

https://bugzilla.suse.com/1026936

https://bugzilla.suse.com/1049448

https://bugzilla.suse.com/1051362

--

Severity: important

Announcement ID: openSUSE-SU-2017:2183-1
Rating: important
Affected Products: openSUSE Leap 42.3, openSUSE Leap 42.2
