SCIENTIFIC-LINUX-ERRATA Archives

August 2017

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Mon, 21 Aug 2017 15:39:52 -0000
Synopsis:          Important: subversion security update
Advisory ID:       SLSA-2017:2480-1
Issue Date:        2017-08-16
CVE Numbers:       CVE-2017-9800
--

Security Fix(es):

* A shell command injection flaw related to the handling of "svn+ssh" URLs
has been discovered in Subversion. An attacker could use this flaw to
execute shell commands with the privileges of the user running the
Subversion client, for example when performing a "checkout" or "update"
action on a malicious repository, or a legitimate repository containing a
malicious commit. (CVE-2017-9800)
--

SL7
  x86_64
    mod_dav_svn-1.7.14-11.el7_4.x86_64.rpm
    subversion-1.7.14-11.el7_4.i686.rpm
    subversion-1.7.14-11.el7_4.x86_64.rpm
    subversion-debuginfo-1.7.14-11.el7_4.i686.rpm
    subversion-debuginfo-1.7.14-11.el7_4.x86_64.rpm
    subversion-devel-1.7.14-11.el7_4.i686.rpm
    subversion-devel-1.7.14-11.el7_4.x86_64.rpm
    subversion-gnome-1.7.14-11.el7_4.i686.rpm
    subversion-gnome-1.7.14-11.el7_4.x86_64.rpm
    subversion-javahl-1.7.14-11.el7_4.i686.rpm
    subversion-javahl-1.7.14-11.el7_4.x86_64.rpm
    subversion-kde-1.7.14-11.el7_4.i686.rpm
    subversion-kde-1.7.14-11.el7_4.x86_64.rpm
    subversion-libs-1.7.14-11.el7_4.i686.rpm
    subversion-libs-1.7.14-11.el7_4.x86_64.rpm
    subversion-perl-1.7.14-11.el7_4.i686.rpm
    subversion-perl-1.7.14-11.el7_4.x86_64.rpm
    subversion-python-1.7.14-11.el7_4.x86_64.rpm
    subversion-ruby-1.7.14-11.el7_4.i686.rpm
    subversion-ruby-1.7.14-11.el7_4.x86_64.rpm
    subversion-tools-1.7.14-11.el7_4.x86_64.rpm

- Scientific Linux Development Team
