Stay Secure with the Latest Linux Advisories

security advisoryFedoraerror handling

Fedora 25: 21-22-00 Critical: Subversion 1.9.6 Security Update

This update includes the latest stable release of _Apache Subversion_, version **1.9.6**. ### User-visible changes: #### Client-side bugfixes: * cp/mv: improve error message when target is an unversioned dir * merge: reduce memory usage with large amounts of mergeinfo ([issue 4667](https://issues.apache.org/jira/browse/SVN-4667)) #### Server-side. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-b9e4c24094 2017-08-07 13:52:29.112235 --------------------------------------------------------------------------------Name : subversion Product : Fedora 25 Version : 1.9.6 Release : 2.fc25 URL : https://subversion.apache.org/ Summary : A Modern Concurrent Version Control System Description : Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. --------------------------------------------------------------------------------Update Information: This update includes the latest stable release of _Apache Subversion_, version **1.9.6**. ### User-visible changes: #### Client-side bugfixes: * cp/mv: improve error message when target is an unversioned dir * merge: reduce memory usage with large amounts of mergeinfo ([issue 4667](https://issues.apache.org/jira/browse/SVN-4667)) #### Server-side bugfixes: * 'svnadmin freeze': document the purpose more clearly * dump: fix segfault when a revision has no revprops * fsfs: improve error message upon failure to open rep-cache * fsfs: never attempt to share directory representations * fsfs: make consistency independent of hash algorithms This change makes Subversion resilient to collision attacks, including SHA-1 collision attacks such ashttp://shattered.io/. See also our documentation at https://subversion.apache.org/faq#shattered-sha1 and https://subversion.apache.org/docs/release-notes/1.9#shattered-sha1. #### Client-side and server-side bugfixes: * work around an APR bug related to file truncation #### Bindings bugfixes: * javahl: follow redirects when opening a connection --------------------------------------------------------------------------------References: [ 1 ] Bug #1429939 - subversion: SHA-1 collision causes repository breakage [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1429939 [ 2 ] Bug #1467890 - subversion-1.9.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1467890 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade subversion' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . Fedora 25 delivers a critical update for Apache Subversion 1.9.6, enhancing memory usage and error handling.. Subversion Update,Fedora 25 Security,Apache Subversion Fix. . Severity: Critical. LinuxSecurity.com Team

Aug 07, 2017 •Critical Fedora