
Security vulnerabilities in the subversion software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2016-02-29 18:03:39.485655

Name : subversion
Product : Fedora 22
Version : 1.8.15
Release : 1.fc22
Summary : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.

Update Information:

This update includes the latest stable release of _Apache Subversion 1.8_,
version **1.8.15**. This update fixes two security issues:

* **CVE-2015-3184**: Subversion’s mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4.
* **CVE-2015-3187**: Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by path-based authz.

### User-visible changes:

#### Client-side bugfixes:

* gpg-agent: fix crash with non-canonical $HOME
* document svn:autoprops
* cp: fix ‘svn cp ^/A/D/H@1 ^/A’ to properly create A
* resolve: improve conflict prompts for binary files
* ls: improve performance of ‘-v’ on tag directories
* improved Sqlite 3.8.9 query performance regression on externals
* fixed issue 4580: ‘svn -v st’ on file externals reports “?” instead of user and revision after ‘svn up’

#### Client-side and server-side bugfixes:

* fix a segfault with old style text delta

#### Server-side bugfixes:

* fsfs: reduce memory allocation with Apache
* mod_dav_svn: emit first log items as soon as possible
* mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests
* mod_dav_svn: do not ignore skel parsing errors
* detect invalid svndiff data earlier
* prevent possible repository corruption on power/disk failures
* fixed issue 4577: Read error with nodes whose DELTA chain starts with a PLAIN rep
* fixed issue 4531: server-side copy (over dav) is slow and uses too much memory

#### Bindings bugfixes:

* swig: fix memory corruption in svn_client_copy_source_t

### Developer-visible changes:

#### General:

* avoid failing some tests on versions of Python with a very old sqlite
* fix Ruby tests so they don’t use the user’s real configuration

#### Bindings:

* swig-pl: fix some stack memory problems

[ 1 ] Bug #1289959 – CVE-2015-5343 subversion: (mod_dav_svn) integer overflow when parsing skel-encoded request bodies
[ 2 ] Bug #1289958 – CVE-2015-5259 subversion: integer overflow in the svn:// protocol parser
[ 3 ] Bug #1247249 – CVE-2015-3184 subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4

This update can be installed with the “yum” update program. Use
su -c 'yum update subversion' at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at

Author: Marko Stanec
Cert ID: NCERT-REF-2016-03-0004-ADV