Detections
Analytics
openSUSE Security Update : subversion (openSUSE-2016-1435)
medium Nessus Plugin ID 95707
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
This update for subversion fixes the following issues :- Version update to 1.9.5 :
- Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s):// (boo#1011552, CVE-2016-8734)
- Client-side bugfixes :
- fix accessing non-existent paths during reintegrate merge (r1766699 et al)
- fix handling of newly secured subdirectories in working copy (r1724448)
- info: remove trailing whitespace in --show-item=revision (issue #4660)
- fix recording wrong revisions for tree conflicts (r1734106)
- gpg-agent: improve discovery of gpg-agent sockets (r1766327)
- gpg-agent: fix file descriptor leak (r1766323)
- resolve: fix --accept=mine-full for binary files (issue #4647)
- merge: fix possible crash (issue #4652)
- resolve: fix possible crash (r1748514)
- fix potential crash in Win32 crash reporter (r1663253 et al)
- Server-side bugfixes :
- fsfs: fix 'offset too large' error during pack (issue #4657)
- svnserve: enable hook script environments (r1769152)
- fsfs: fix possible data reconstruction error (issue #4658)
- fix source of spurious 'incoming edit' tree conflicts (r1770108)
- fsfs: improve caching for large directories (r1721285)
- fsfs: fix crash when encountering all-zero checksums (r1759686)
- fsfs: fix potential source of repository corruptions (r1756266)
- mod_dav_svn: fix excessive memory usage with mod_headers/mod_deflate (issue #3084)
- mod_dav_svn: reduce memory usage during GET requests (r1757529 et al)
- fsfs: fix unexpected 'database is locked' errors (r1741096 et al)
- fsfs: fix opening old repositories without db/format files (r1720015)
- Client-side and server-side bugfixes :
- fix possible crash when reading invalid configuration files (r1715777)
- Bindings bugfixes :
- swig-pl: do not corrupt '(DATE)' revision variable (r1767768)
- javahl: fix temporary accepting SSL server certificates (r1764851)
- swig-pl: fix possible stack corruption (r1683266, r1683267)
Solution
Update the affected subversion packages.See Also
Plugin Details
Severity: Medium
ID: 95707
File Name: openSUSE-2016-1435.nasl
Version: 3.6
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 12/12/2016
Updated: 1/19/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 4
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0, p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0-debuginfo, p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0, p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0-debuginfo, p-cpe:/a:novell:opensuse:subversion, p-cpe:/a:novell:opensuse:subversion-bash-completion, p-cpe:/a:novell:opensuse:subversion-debuginfo, p-cpe:/a:novell:opensuse:subversion-debugsource, p-cpe:/a:novell:opensuse:subversion-devel, p-cpe:/a:novell:opensuse:subversion-perl, p-cpe:/a:novell:opensuse:subversion-perl-debuginfo, p-cpe:/a:novell:opensuse:subversion-python, p-cpe:/a:novell:opensuse:subversion-python-ctypes, p-cpe:/a:novell:opensuse:subversion-python-debuginfo, p-cpe:/a:novell:opensuse:subversion-ruby, p-cpe:/a:novell:opensuse:subversion-ruby-debuginfo, p-cpe:/a:novell:opensuse:subversion-server, p-cpe:/a:novell:opensuse:subversion-server-debuginfo, p-cpe:/a:novell:opensuse:subversion-tools, p-cpe:/a:novell:opensuse:subversion-tools-debuginfo, cpe:/o:novell:opensuse:42.2
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Patch Publication Date: 12/9/2016
Vulnerability Publication Date: 10/16/2017
Reference Information
CVE: CVE-2016-8734