[SECURITY] Fedora 19 Update: subversion-1.7.16-1.fc19
updates at fedoraproject.org
updates at fedoraproject.org
Sat Mar 15 15:19:30 UTC 2014
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-3567
2014-03-07 05:31:59
--------------------------------------------------------------------------------
Name : subversion
Product : Fedora 19
Version : 1.7.16
Release : 1.fc19
URL : http://subversion.apache.org/
Summary : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.
--------------------------------------------------------------------------------
Update Information:
This update includes the latest stable release of Apache Subversion 1.7, fixing a security issue (CVE-2014-0032):
Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives an OPTIONS request against the server root and Subversion is configured to handle the server root and SVNListParentPath is on.
This can lead to a DoS. There are no known instances of this problem being exploited in the wild, but the details of how to exploit it have been disclosed on the Subversion development mailing list.
For more information, see:
https://subversion.apache.org/security/CVE-2014-0032-advisory.txt
A number of client-side bug fixes are included in this update:
* copy: fix some scenarios that broke the working copy
* diff: fix regressions due to fixes in 1.7.14
One server-side bug fixes is also included:
* reduce memory usage during checkout and export
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 3 2014 Joe Orton <jorton at redhat.com> - 1.7.16-1
- update to 1.7.16
* Tue Nov 26 2013 Joe Orton <jorton at redhat.com> - 1.7.14-1
- update to 1.7.14 (#1034377)
* Tue Sep 3 2013 Joe Orton <jorton at redhat.com> - 1.7.13-1
- update to 1.7.13 (#1003070)
- move bash completions out of /etc (#922993)
* Thu Jul 25 2013 Joe Orton <jorton at redhat.com> - 1.7.11-1
- update to 1.7.11
- use full relro in mod_dav_svn build (#973694)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1062042 - CVE-2014-0032 subversion: mod_dav_svn crash when handling certain requests with SVNListParentPath on
https://bugzilla.redhat.com/show_bug.cgi?id=1062042
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update subversion' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list