Security update for subversion
SUSE Security Update: Security update for subversion
Announcement ID: SUSE-SU-2013:1643-1
Rating: moderate
References: #834014 #836245 #841205
Affected Products:
An update that solves one vulnerability and has two fixes is now available.
Description:
This subversion update fixes a symlink attack against a pid
file.
* CVE-2013-4277: Svnserve in Apache Subversion allowed
local users to overwrite arbitrary files or kill arbitrary
processes via a symlink attack on the file specified by the
--pid-file option.
Also the following two bugs have been fixed:
* bnc#841205: SVNListParentPath feature doesn't work
when svn authz is used
* bnc#834014: subversion ignored the
http-proxy-exception setting
Security Issue reference:
* CVE-2013-4277
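The class of defect described above, shown as an added example that is not Subversion's code and not part of the original advisory: a daemon's pid-file write that follows a pre-planted symlink, next to a form that refuses to. The function names, the temp-directory layout and the sample file contents are assumptions constructed for illustration.

```c
/* Added example (not Subversion's code): pid-file creation and symlinks. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define VICTIM_TEXT "important data that is longer than a pid\n" /* constructed */

/* Write the caller's pid through fd and close it; 0 on success, -1 on error. */
static int write_pid_fd(int fd) {
    char buf[32];
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    int ok = (write(fd, buf, (size_t)n) == n);
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Weak pattern: open() follows a symlink at `path` and truncates its target. */
int write_pid_unsafe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    return fd < 0 ? -1 : write_pid_fd(fd);
}

/* Hardened: O_EXCL fails with EEXIST if anything (even a dangling symlink)
 * already exists at `path`; O_NOFOLLOW is kept as defense in depth. */
int write_pid_safe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    return fd < 0 ? -1 : write_pid_fd(fd);
}

/* Constructed scenario in a private temp dir: a symlink already sits at the
 * pid path and points at "victim". Returns victim's size after the write. */
long victim_size_after(int (*writer)(const char *), int *rc) {
    char dir[] = "/tmp/pidfile-demo-XXXXXX", victim[64], pid[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(pid, sizeof pid, "%s/daemon.pid", dir);
    FILE *f = fopen(victim, "w");
    if (!f || fputs(VICTIM_TEXT, f) < 0 || fclose(f) != 0) return -1;
    if (symlink(victim, pid) != 0) return -1;
    *rc = writer(pid);
    long size = (stat(victim, &st) == 0) ? (long)st.st_size : -1;
    unlink(pid); unlink(victim); rmdir(dir);
    return size;
}
```

With the hardened writer the call fails and the target file keeps its original length; with the weak one the target is truncated down to the pid string. A pid file placed in a directory writable only by the service account removes the precondition altogether.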
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Studio Onsite 1.3:
zypper in -t patch slestso13-subversion-8432
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-subversion-8433
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp2-subversion-8432
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Studio Onsite 1.3 (x86_64):
- subversion-1.6.17-1.21.3
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
- subversion-1.6.17-1.21.3
- subversion-devel-1.6.17-1.21.3
- subversion-perl-1.6.17-1.21.3
- subversion-python-1.6.17-1.21.3
- subversion-server-1.6.17-1.21.3
- subversion-tools-1.6.17-1.21.3
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
- subversion-1.6.17-1.21.3
- subversion-devel-1.6.17-1.21.3
- subversion-perl-1.6.17-1.21.3
- subversion-python-1.6.17-1.21.3
- subversion-server-1.6.17-1.21.3
- subversion-tools-1.6.17-1.21.3
References:
- http://support.novell.com/security/cve/CVE-2013-4277.html
- https://bugzilla.novell.com/834014
- https://bugzilla.novell.com/836245
- https://bugzilla.novell.com/841205
- http://download.suse.com/patch/finder/?keywords=35448254fece4dd2466305bab7ac53fb
- http://download.suse.com/patch/finder/?keywords=8cd54bc6a2f3b2e4830865c25819b0bd