Security update for subversion SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:2363-1 Final 1 1 2015-12-25T12:58:33Z current 2015-12-25T12:58:33Z 2015-12-25T12:58:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for subversion This update fixes the following security issues: * CVE-2015-5343: Possible remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies. (bsc#958300) * CVE-2015-3184: mod_authz_svn information leak information in mixed anonymous/authenticated httpd (dav) configurations (bsc#939514) * CVE-2015-3187: hidden paths leaked by path-based authz (bsc#939517) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-12/msg00111.html E-Mail link for openSUSE-SU-2015:2363-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 libsvn_auth_gnome_keyring-1-0-1.8.10-6.1 libsvn_auth_kwallet-1-0-1.8.10-6.1 subversion-1.8.10-6.1 subversion-bash-completion-1.8.10-6.1 subversion-devel-1.8.10-6.1 subversion-perl-1.8.10-6.1 subversion-python-1.8.10-6.1 subversion-ruby-1.8.10-6.1 subversion-server-1.8.10-6.1 subversion-tools-1.8.10-6.1 libsvn_auth_gnome_keyring-1-0-1.8.10-6.1 as a component of openSUSE Leap 42.1 libsvn_auth_kwallet-1-0-1.8.10-6.1 as a component of openSUSE Leap 42.1 subversion-1.8.10-6.1 as a component of openSUSE Leap 42.1 subversion-bash-completion-1.8.10-6.1 as a component of openSUSE Leap 42.1 subversion-devel-1.8.10-6.1 as a component of openSUSE Leap 42.1 subversion-perl-1.8.10-6.1 as a component of openSUSE Leap 42.1 subversion-python-1.8.10-6.1 as a component of openSUSE Leap 42.1 subversion-ruby-1.8.10-6.1 as a component of openSUSE Leap 42.1 subversion-server-1.8.10-6.1 as a component of openSUSE Leap 42.1 subversion-tools-1.8.10-6.1 as a component of openSUSE Leap 42.1 mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. CVE-2015-3184 openSUSE Leap 42.1:libsvn_auth_gnome_keyring-1-0-1.8.10-6.1 openSUSE Leap 42.1:libsvn_auth_kwallet-1-0-1.8.10-6.1 openSUSE Leap 42.1:subversion-1.8.10-6.1 openSUSE Leap 42.1:subversion-bash-completion-1.8.10-6.1 openSUSE Leap 42.1:subversion-devel-1.8.10-6.1 openSUSE Leap 42.1:subversion-perl-1.8.10-6.1 openSUSE Leap 42.1:subversion-python-1.8.10-6.1 openSUSE Leap 42.1:subversion-ruby-1.8.10-6.1 openSUSE Leap 42.1:subversion-server-1.8.10-6.1 openSUSE Leap 42.1:subversion-tools-1.8.10-6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00111.html https://www.suse.com/security/cve/CVE-2015-3184.html CVE-2015-3184 https://bugzilla.suse.com/938723 SUSE Bug 938723 https://bugzilla.suse.com/939514 SUSE Bug 939514 https://bugzilla.suse.com/939516 SUSE Bug 939516 The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. CVE-2015-3187 openSUSE Leap 42.1:libsvn_auth_gnome_keyring-1-0-1.8.10-6.1 openSUSE Leap 42.1:libsvn_auth_kwallet-1-0-1.8.10-6.1 openSUSE Leap 42.1:subversion-1.8.10-6.1 openSUSE Leap 42.1:subversion-bash-completion-1.8.10-6.1 openSUSE Leap 42.1:subversion-devel-1.8.10-6.1 openSUSE Leap 42.1:subversion-perl-1.8.10-6.1 openSUSE Leap 42.1:subversion-python-1.8.10-6.1 openSUSE Leap 42.1:subversion-ruby-1.8.10-6.1 openSUSE Leap 42.1:subversion-server-1.8.10-6.1 openSUSE Leap 42.1:subversion-tools-1.8.10-6.1 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00111.html https://www.suse.com/security/cve/CVE-2015-3187.html CVE-2015-3187 https://bugzilla.suse.com/939517 SUSE Bug 939517 Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. CVE-2015-5343 openSUSE Leap 42.1:libsvn_auth_gnome_keyring-1-0-1.8.10-6.1 openSUSE Leap 42.1:libsvn_auth_kwallet-1-0-1.8.10-6.1 openSUSE Leap 42.1:subversion-1.8.10-6.1 openSUSE Leap 42.1:subversion-bash-completion-1.8.10-6.1 openSUSE Leap 42.1:subversion-devel-1.8.10-6.1 openSUSE Leap 42.1:subversion-perl-1.8.10-6.1 openSUSE Leap 42.1:subversion-python-1.8.10-6.1 openSUSE Leap 42.1:subversion-ruby-1.8.10-6.1 openSUSE Leap 42.1:subversion-server-1.8.10-6.1 openSUSE Leap 42.1:subversion-tools-1.8.10-6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00111.html https://www.suse.com/security/cve/CVE-2015-5343.html CVE-2015-5343 https://bugzilla.suse.com/958300 SUSE Bug 958300