SUSE-SU-2013:1643-1: moderate: Security update for subversion
sle-security-updates at lists.suse.com
Fri Nov 8 16:04:18 MST 2013
SUSE Security Update: Security update for subversion
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1643-1
Rating: moderate
References: #834014 #836245 #841205
Cross-References: CVE-2013-4277
Affected Products:
SUSE Studio Onsite 1.3
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP2
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This subversion update fixes a symlink attack against a pid
file.
* CVE-2013-4277: Svnserve in Apache Subversion allowed
local users to overwrite arbitrary files or kill arbitrary
processes via a symlink attack on the file specified by the
--pid-file option.
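The file-overwrite side of this bug class, as an added example that is not code from SUSE or the Subversion project: a pid file created with O_CREAT|O_EXCL, so a symlink planted at the path is refused instead of followed. The names write_pidfile_safe and demo_symlink_refused and the /tmp paths are hypothetical, and this is a general defensive pattern, not a copy of the upstream fix.

```c
#define _POSIX_C_SOURCE 200809L /* O_NOFOLLOW, mkdtemp(), symlink() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: O_EXCL makes open() fail with EEXIST if anything,
 * including a symlink, already sits at `path`, so nothing is followed. */
int write_pidfile_safe(const char *path, pid_t pid)
{
    char buf[32];
    int len = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, buf, (size_t)len);
    if (close(fd) != 0 || n != (ssize_t)len) {
        unlink(path); /* we created it; do not leave a partial pid file */
        return -1;
    }
    return 0;
}

/* Constructed scenario: a symlink at the pid-file path points at a victim
 * file. Returns 1 if the write is refused and the victim is unchanged. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/pidfile-demo-XXXXXX";
    char victim[64], planted[64], fresh[64], got[16] = {0};
    if (!mkdtemp(dir)) return 0;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/svnserve.pid", dir);
    snprintf(fresh, sizeof fresh, "%s/fresh.pid", dir);
    FILE *f = fopen(victim, "w");
    if (!f || fputs("important", f) < 0) return 0;
    fclose(f);
    if (symlink(victim, planted) != 0) return 0;
    int refused = write_pidfile_safe(planted, getpid()) == -1 && errno == EEXIST;
    f = fopen(victim, "r");
    if (!f || !fgets(got, sizeof got, f)) return 0;
    fclose(f);
    int fresh_ok = write_pidfile_safe(fresh, getpid()) == 0;
    unlink(planted); unlink(victim); unlink(fresh); rmdir(dir);
    return refused && fresh_ok && strcmp(got, "important") == 0;
}

int main(void) { return demo_symlink_refused() ? 0 : 1; }
```

Keeping the pid file in a directory that only the service account can write to removes the chance to plant the link in the first place.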
Also the following two bugs have been fixed:
* bnc#841205: SVNListParentPath feature doesn't work
when svn authz is used
* bnc#834014: subversion ignored the
http-proxy-exception setting
Security Issue reference:
* CVE-2013-4277
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4277>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
   - SUSE Studio Onsite 1.3:
      zypper in -t patch slestso13-subversion-8432
   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-subversion-8433
   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp2-subversion-8432
To bring your system up-to-date, use "zypper patch".
Package List:
   - SUSE Studio Onsite 1.3 (x86_64):
      subversion-1.6.17-1.21.3
   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      subversion-1.6.17-1.21.3
      subversion-devel-1.6.17-1.21.3
      subversion-perl-1.6.17-1.21.3
      subversion-python-1.6.17-1.21.3
      subversion-server-1.6.17-1.21.3
      subversion-tools-1.6.17-1.21.3
   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      subversion-1.6.17-1.21.3
      subversion-devel-1.6.17-1.21.3
      subversion-perl-1.6.17-1.21.3
      subversion-python-1.6.17-1.21.3
      subversion-server-1.6.17-1.21.3
      subversion-tools-1.6.17-1.21.3
References:
http://support.novell.com/security/cve/CVE-2013-4277.html
https://bugzilla.novell.com/834014
https://bugzilla.novell.com/836245
https://bugzilla.novell.com/841205
http://download.novell.com/patch/finder/?keywords=35448254fece4dd2466305bab7ac53fb
http://download.novell.com/patch/finder/?keywords=8cd54bc6a2f3b2e4830865c25819b0bd