Security update for subversion SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1910-1 Final 1 1 2019-08-15T09:45:52Z current 2019-08-15T09:45:52Z 2019-08-15T09:45:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for subversion This update for subversion to version 1.10.6 fixes the following issues: Security issues fixed: - CVE-2018-11782: Fixed a remote denial of service in svnserve 'get-deleted-rev' (bsc#1142743). - CVE-2019-0203: Fixed a remote, unauthenticated denial of service in svnserve (bsc#1142721). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1910 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CLPCV7QU2V3PHTNTKUCOLUKHDLGGHMF5/#CLPCV7QU2V3PHTNTKUCOLUKHDLGGHMF5 E-Mail link for openSUSE-SU-2019:1910-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1142721 SUSE Bug 1142721 https://bugzilla.suse.com/1142743 SUSE Bug 1142743 https://www.suse.com/security/cve/CVE-2018-11782/ SUSE CVE CVE-2018-11782 page https://www.suse.com/security/cve/CVE-2019-0203/ SUSE CVE CVE-2019-0203 page openSUSE Leap 15.0 openSUSE Leap 15.1 libsvn_auth_gnome_keyring-1-0-1.10.6-lp151.4.3.1 libsvn_auth_kwallet-1-0-1.10.6-lp151.4.3.1 subversion-1.10.6-lp151.4.3.1 subversion-bash-completion-1.10.6-lp151.4.3.1 subversion-devel-1.10.6-lp151.4.3.1 subversion-perl-1.10.6-lp151.4.3.1 subversion-python-1.10.6-lp151.4.3.1 subversion-python-ctypes-1.10.6-lp151.4.3.1 subversion-ruby-1.10.6-lp151.4.3.1 subversion-server-1.10.6-lp151.4.3.1 subversion-tools-1.10.6-lp151.4.3.1 libsvn_auth_gnome_keyring-1-0-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.0 libsvn_auth_kwallet-1-0-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.0 subversion-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.0 subversion-bash-completion-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.0 subversion-devel-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.0 subversion-perl-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.0 subversion-python-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.0 subversion-python-ctypes-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.0 subversion-ruby-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.0 subversion-server-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.0 subversion-tools-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.0 libsvn_auth_gnome_keyring-1-0-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.1 libsvn_auth_kwallet-1-0-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.1 subversion-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.1 subversion-bash-completion-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.1 subversion-devel-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.1 subversion-perl-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.1 subversion-python-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.1 subversion-python-ctypes-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.1 subversion-ruby-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.1 subversion-server-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.1 subversion-tools-1.10.6-lp151.4.3.1 as a component of openSUSE Leap 15.1 In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server. CVE-2018-11782 openSUSE Leap 15.0:libsvn_auth_gnome_keyring-1-0-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:libsvn_auth_kwallet-1-0-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:subversion-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:subversion-bash-completion-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:subversion-devel-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:subversion-perl-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:subversion-python-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:subversion-python-ctypes-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:subversion-ruby-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:subversion-server-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:subversion-tools-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:libsvn_auth_gnome_keyring-1-0-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:libsvn_auth_kwallet-1-0-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:subversion-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:subversion-bash-completion-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:subversion-devel-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:subversion-perl-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:subversion-python-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:subversion-python-ctypes-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:subversion-ruby-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:subversion-server-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:subversion-tools-1.10.6-lp151.4.3.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CLPCV7QU2V3PHTNTKUCOLUKHDLGGHMF5/#CLPCV7QU2V3PHTNTKUCOLUKHDLGGHMF5 https://www.suse.com/security/cve/CVE-2018-11782.html CVE-2018-11782 https://bugzilla.suse.com/1142743 SUSE Bug 1142743 In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server. CVE-2019-0203 openSUSE Leap 15.0:libsvn_auth_gnome_keyring-1-0-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:libsvn_auth_kwallet-1-0-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:subversion-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:subversion-bash-completion-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:subversion-devel-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:subversion-perl-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:subversion-python-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:subversion-python-ctypes-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:subversion-ruby-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:subversion-server-1.10.6-lp151.4.3.1 openSUSE Leap 15.0:subversion-tools-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:libsvn_auth_gnome_keyring-1-0-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:libsvn_auth_kwallet-1-0-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:subversion-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:subversion-bash-completion-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:subversion-devel-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:subversion-perl-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:subversion-python-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:subversion-python-ctypes-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:subversion-ruby-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:subversion-server-1.10.6-lp151.4.3.1 openSUSE Leap 15.1:subversion-tools-1.10.6-lp151.4.3.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CLPCV7QU2V3PHTNTKUCOLUKHDLGGHMF5/#CLPCV7QU2V3PHTNTKUCOLUKHDLGGHMF5 https://www.suse.com/security/cve/CVE-2019-0203.html CVE-2019-0203 https://bugzilla.suse.com/1142721 SUSE Bug 1142721