Synopsis
The remote Fedora host is missing a security update.
Description
This update includes the latest stable release of _Apache Subversion 1.8_, version **1.8.15**. This update fixes two security issues:

* **CVE-2015-3184**: Subversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. http://subversion.apache.org/security/CVE-2015-3184-advisory.txt
* **CVE-2015-3187**: Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by path-based authz. http://subversion.apache.org/security/CVE-2015-3187-advisory.txt

### User-visible changes:

#### Client-side bugfixes:

* gpg-agent: fix crash with non-canonical $HOME
* document svn:autoprops
* cp: fix 'svn cp ^/A/D/H@1 ^/A' to properly create A
* resolve: improve conflict prompts for binary files
* ls: improve performance of '-v' on tag directories
* improved Sqlite 3.8.9 query performance regression on externals
* fixed [issue 4580](http://subversion.tigris.org/issues/show_bug.cgi?id=4580): 'svn -v st' on file externals reports '?' instead of user and revision after 'svn up'

#### Client-side and server-side bugfixes:

* fix a segfault with old style text delta

#### Server-side bugfixes:

* fsfs: reduce memory allocation with Apache
* mod_dav_svn: emit first log items as soon as possible
* mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests
* mod_dav_svn: do not ignore skel parsing errors
* detect invalid svndiff data earlier
* prevent possible repository corruption on power/disk failures
* fixed [issue 4577](http://subversion.tigris.org/issues/show_bug.cgi?id=4577): Read error with nodes whose DELTA chain starts with a PLAIN rep
* fixed [issue 4531](http://subversion.tigris.org/issues/show_bug.cgi?id=4531): server-side copy (over dav) is slow and uses too much memory

#### Bindings bugfixes:

* swig: fix memory corruption in svn_client_copy_source_t

### Developer-visible changes:

#### General:

* avoid failing some tests on versions of Python with a very old sqlite
* fix Ruby tests so they don't use the user's real configuration

#### Bindings:

* swig-pl: fix some stack memory problems

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected subversion package.
Plugin Details
File Name: fedora_2015-6efa349a85.nasl
Agent: unix
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Vulnerability Information
CPE: cpe:/o:fedoraproject:fedora:22, p-cpe:/a:fedoraproject:fedora:subversion
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
Patch Publication Date: 2/29/2016