Fedora 25 : subversion (2017-c629f16f6c)

medium Nessus Plugin ID 96360

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

This update includes the latest stable release of _Apache Subversion_, version **1.9.5**.

#### Client-side bugfixes :

- fix accessing non-existent paths during reintegrate merge

- fix handling of newly secured subdirectories in working copy

- info: remove trailing whitespace in --show-item=revision ([issue 4660](http://subversion.tigris.org/issues/show_bug.cgi?i d=4660))

- fix recording wrong revisions for tree conflicts

- gpg-agent: improve discovery of gpg-agent sockets

- gpg-agent: fix file descriptor leak

- resolve: fix --accept=mine-full for binary files ([issue 4647](http://subversion.tigris.org/issues/show_bug.cgi?i d=4647))

- merge: fix possible crash ([issue 4652](http://subversion.tigris.org/issues/show_bug.cgi?i d=4652))

- resolve: fix possible crash

- fix potential crash in Win32 crash reporter #### Server-side bugfixes :

- fsfs: fix 'offset too large' error during pack ([issue 4657](http://subversion.tigris.org/issues/show_bug.cgi?i d=4657))

- svnserve: enable hook script environments

- fsfs: fix possible data reconstruction error ([issue 4658](http://subversion.tigris.org/issues/show_bug.cgi?i d=4658))

- fix source of spurious 'incoming edit' tree conflicts

- fsfs: improve caching for large directories

- fsfs: fix crash when encountering all-zero checksums

- fsfs: fix potential source of repository corruptions

- mod_dav_svn: fix excessive memory usage with mod_headers/mod_deflate ([issue 3084](http://subversion.tigris.org/issues/show_bug.cgi?i d=3084))

- mod_dav_svn: reduce memory usage during GET requests

- fsfs: fix unexpected 'database is locked' errors

- fsfs: fix opening old repositories without db/format files #### Client-side and server-side bugfixes :

- fix possible crash when reading invalid configuration files #### Bindings bugfixes :

- swig-pl: do not corrupt '{DATE}' revision variable

- javahl: fix temporary accepting SSL server certificates

- swig-pl: fix possible stack corruption

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected subversion package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2017-c629f16f6c

Plugin Details

Severity: Medium

ID: 96360

File Name: fedora_2017-c629f16f6c.nasl

Version: 3.6

Type: local

Agent: unix

Published: 1/10/2017

Updated: 1/6/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:25, p-cpe:/a:fedoraproject:fedora:subversion

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 1/6/2017

Vulnerability Publication Date: 10/16/2017

Reference Information

CVE: CVE-2016-8734