libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10538-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 on GA media These are all security issues fixed in the libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10538 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2009-2411/ SUSE CVE CVE-2009-2411 page https://www.suse.com/security/cve/CVE-2010-3315/ SUSE CVE CVE-2010-3315 page https://www.suse.com/security/cve/CVE-2010-4539/ SUSE CVE CVE-2010-4539 page https://www.suse.com/security/cve/CVE-2010-4644/ SUSE CVE CVE-2010-4644 page https://www.suse.com/security/cve/CVE-2011-0715/ SUSE CVE CVE-2011-0715 page https://www.suse.com/security/cve/CVE-2011-1752/ SUSE CVE CVE-2011-1752 page https://www.suse.com/security/cve/CVE-2011-1783/ SUSE CVE CVE-2011-1783 page https://www.suse.com/security/cve/CVE-2011-1921/ SUSE CVE CVE-2011-1921 page https://www.suse.com/security/cve/CVE-2013-1845/ SUSE CVE CVE-2013-1845 page https://www.suse.com/security/cve/CVE-2013-1846/ SUSE CVE CVE-2013-1846 page https://www.suse.com/security/cve/CVE-2013-1847/ SUSE CVE CVE-2013-1847 page https://www.suse.com/security/cve/CVE-2013-1849/ SUSE CVE CVE-2013-1849 page https://www.suse.com/security/cve/CVE-2013-1884/ SUSE CVE CVE-2013-1884 page https://www.suse.com/security/cve/CVE-2013-1968/ SUSE CVE CVE-2013-1968 page https://www.suse.com/security/cve/CVE-2013-2088/ SUSE CVE CVE-2013-2088 page https://www.suse.com/security/cve/CVE-2013-2112/ SUSE CVE CVE-2013-2112 page https://www.suse.com/security/cve/CVE-2013-4131/ SUSE CVE CVE-2013-4131 page https://www.suse.com/security/cve/CVE-2013-4246/ SUSE CVE CVE-2013-4246 page https://www.suse.com/security/cve/CVE-2013-4262/ SUSE CVE CVE-2013-4262 page https://www.suse.com/security/cve/CVE-2013-4277/ SUSE CVE CVE-2013-4277 page https://www.suse.com/security/cve/CVE-2013-4505/ SUSE CVE CVE-2013-4505 page https://www.suse.com/security/cve/CVE-2013-4558/ SUSE CVE CVE-2013-4558 page https://www.suse.com/security/cve/CVE-2014-0032/ SUSE CVE CVE-2014-0032 page https://www.suse.com/security/cve/CVE-2014-3522/ SUSE CVE CVE-2014-3522 page https://www.suse.com/security/cve/CVE-2014-3528/ SUSE CVE CVE-2014-3528 page https://www.suse.com/security/cve/CVE-2014-3580/ SUSE CVE CVE-2014-3580 page https://www.suse.com/security/cve/CVE-2014-8108/ SUSE CVE CVE-2014-8108 page https://www.suse.com/security/cve/CVE-2015-0202/ SUSE CVE CVE-2015-0202 page https://www.suse.com/security/cve/CVE-2015-0248/ SUSE CVE CVE-2015-0248 page https://www.suse.com/security/cve/CVE-2015-0251/ SUSE CVE CVE-2015-0251 page https://www.suse.com/security/cve/CVE-2015-3184/ SUSE CVE CVE-2015-3184 page https://www.suse.com/security/cve/CVE-2015-3187/ SUSE CVE CVE-2015-3187 page https://www.suse.com/security/cve/CVE-2015-5259/ SUSE CVE CVE-2015-5259 page https://www.suse.com/security/cve/CVE-2015-5343/ SUSE CVE CVE-2015-5343 page https://www.suse.com/security/cve/CVE-2016-2167/ SUSE CVE CVE-2016-2167 page https://www.suse.com/security/cve/CVE-2016-2168/ SUSE CVE CVE-2016-2168 page https://www.suse.com/security/cve/CVE-2016-8734/ SUSE CVE CVE-2016-8734 page openSUSE Tumbleweed libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 libsvn_auth_kwallet-1-0-1.9.5-1.1 subversion-1.9.5-1.1 subversion-bash-completion-1.9.5-1.1 subversion-devel-1.9.5-1.1 subversion-perl-1.9.5-1.1 subversion-python-1.9.5-1.1 subversion-python-ctypes-1.9.5-1.1 subversion-ruby-1.9.5-1.1 subversion-server-1.9.5-1.1 subversion-tools-1.9.5-1.1 libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 as a component of openSUSE Tumbleweed libsvn_auth_kwallet-1-0-1.9.5-1.1 as a component of openSUSE Tumbleweed subversion-1.9.5-1.1 as a component of openSUSE Tumbleweed subversion-bash-completion-1.9.5-1.1 as a component of openSUSE Tumbleweed subversion-devel-1.9.5-1.1 as a component of openSUSE Tumbleweed subversion-perl-1.9.5-1.1 as a component of openSUSE Tumbleweed subversion-python-1.9.5-1.1 as a component of openSUSE Tumbleweed subversion-python-ctypes-1.9.5-1.1 as a component of openSUSE Tumbleweed subversion-ruby-1.9.5-1.1 as a component of openSUSE Tumbleweed subversion-server-1.9.5-1.1 as a component of openSUSE Tumbleweed subversion-tools-1.9.5-1.1 as a component of openSUSE Tumbleweed Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412. CVE-2009-2411 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-2411.html CVE-2009-2411 https://bugzilla.suse.com/528714 SUSE Bug 528714 https://bugzilla.suse.com/802057 SUSE Bug 802057 authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands. CVE-2010-3315 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 6 AV:N/AC:M/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3315.html CVE-2010-3315 https://bugzilla.suse.com/649861 SUSE Bug 649861 The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. CVE-2010-4539 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-4539.html CVE-2010-4539 https://bugzilla.suse.com/662030 SUSE Bug 662030 Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. CVE-2010-4644 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-4644.html CVE-2010-4644 https://bugzilla.suse.com/662030 SUSE Bug 662030 The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token. CVE-2011-0715 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0715.html CVE-2011-0715 https://bugzilla.suse.com/676949 SUSE Bug 676949 The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. CVE-2011-1752 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1752.html CVE-2011-1752 https://bugzilla.suse.com/698205 SUSE Bug 698205 The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. CVE-2011-1783 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1783.html CVE-2011-1783 https://bugzilla.suse.com/698205 SUSE Bug 698205 The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation. CVE-2011-1921 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1921.html CVE-2011-1921 https://bugzilla.suse.com/698205 SUSE Bug 698205 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. CVE-2013-1845 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 low 2.1 AV:N/AC:H/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1845.html CVE-2013-1845 https://bugzilla.suse.com/813913 SUSE Bug 813913 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. CVE-2013-1846 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 low 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1846.html CVE-2013-1846 https://bugzilla.suse.com/813913 SUSE Bug 813913 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist. CVE-2013-1847 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1847.html CVE-2013-1847 https://bugzilla.suse.com/813913 SUSE Bug 813913 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL. CVE-2013-1849 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1849.html CVE-2013-1849 https://bugzilla.suse.com/813913 SUSE Bug 813913 The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable. CVE-2013-1884 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1884.html CVE-2013-1884 https://bugzilla.suse.com/813913 SUSE Bug 813913 Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. CVE-2013-1968 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 5.5 AV:N/AC:L/Au:S/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1968.html CVE-2013-1968 https://bugzilla.suse.com/821505 SUSE Bug 821505 contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. CVE-2013-2088 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 7.1 AV:N/AC:H/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2088.html CVE-2013-2088 https://bugzilla.suse.com/821505 SUSE Bug 821505 The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. CVE-2013-2112 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 important 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2112.html CVE-2013-2112 https://bugzilla.suse.com/821505 SUSE Bug 821505 The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root. CVE-2013-4131 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4131.html CVE-2013-4131 https://bugzilla.suse.com/830031 SUSE Bug 830031 libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties. CVE-2013-4246 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4246.html CVE-2013-4246 https://bugzilla.suse.com/836245 SUSE Bug 836245 svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393. CVE-2013-4262 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 2.4 AV:L/AC:H/Au:S/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4262.html CVE-2013-4262 https://bugzilla.suse.com/844201 SUSE Bug 844201 Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. CVE-2013-4277 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 3.3 AV:L/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4277.html CVE-2013-4277 https://bugzilla.suse.com/836245 SUSE Bug 836245 The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. CVE-2013-4505 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 low 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4505.html CVE-2013-4505 https://bugzilla.suse.com/850667 SUSE Bug 850667 https://bugzilla.suse.com/850747 SUSE Bug 850747 https://bugzilla.suse.com/862459 SUSE Bug 862459 The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /. CVE-2013-4558 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 low 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4558.html CVE-2013-4558 https://bugzilla.suse.com/850667 SUSE Bug 850667 https://bugzilla.suse.com/850747 SUSE Bug 850747 https://bugzilla.suse.com/862459 SUSE Bug 862459 The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command. CVE-2014-0032 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0032.html CVE-2014-0032 https://bugzilla.suse.com/862459 SUSE Bug 862459 The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. CVE-2014-3522 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3522.html CVE-2014-3522 https://bugzilla.suse.com/890511 SUSE Bug 890511 Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. CVE-2014-3528 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 low 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3528.html CVE-2014-3528 https://bugzilla.suse.com/889849 SUSE Bug 889849 https://bugzilla.suse.com/890511 SUSE Bug 890511 The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. CVE-2014-3580 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3580.html CVE-2014-3580 https://bugzilla.suse.com/909935 SUSE Bug 909935 https://bugzilla.suse.com/910376 SUSE Bug 910376 The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. CVE-2014-8108 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8108.html CVE-2014-8108 https://bugzilla.suse.com/909935 SUSE Bug 909935 The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. CVE-2015-0202 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 important 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0202.html CVE-2015-0202 https://bugzilla.suse.com/923793 SUSE Bug 923793 The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers. CVE-2015-0248 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0248.html CVE-2015-0248 https://bugzilla.suse.com/923794 SUSE Bug 923794 The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. CVE-2015-0251 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 low 4 AV:N/AC:L/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0251.html CVE-2015-0251 https://bugzilla.suse.com/923795 SUSE Bug 923795 mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. CVE-2015-3184 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3184.html CVE-2015-3184 https://bugzilla.suse.com/938723 SUSE Bug 938723 https://bugzilla.suse.com/939514 SUSE Bug 939514 https://bugzilla.suse.com/939516 SUSE Bug 939516 The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. CVE-2015-3187 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 low 4 AV:N/AC:L/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3187.html CVE-2015-3187 https://bugzilla.suse.com/939517 SUSE Bug 939517 Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read. CVE-2015-5259 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 9 AV:N/AC:L/Au:N/C:P/I:P/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-5259.html CVE-2015-5259 https://bugzilla.suse.com/958299 SUSE Bug 958299 Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. CVE-2015-5343 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 important 8 AV:N/AC:L/Au:S/C:P/I:P/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-5343.html CVE-2015-5343 https://bugzilla.suse.com/958300 SUSE Bug 958300 The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. CVE-2016-2167 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 low 3.6 AV:N/AC:H/Au:S/C:P/I:P/A:N 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2167.html CVE-2016-2167 https://bugzilla.suse.com/976849 SUSE Bug 976849 The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. CVE-2016-2168 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 moderate 6.3 AV:N/AC:M/Au:S/C:N/I:N/A:C 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2168.html CVE-2016-2168 https://bugzilla.suse.com/976850 SUSE Bug 976850 Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory. CVE-2016-8734 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.9.5-1.1 openSUSE Tumbleweed:subversion-1.9.5-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.9.5-1.1 openSUSE Tumbleweed:subversion-devel-1.9.5-1.1 openSUSE Tumbleweed:subversion-perl-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-1.9.5-1.1 openSUSE Tumbleweed:subversion-python-ctypes-1.9.5-1.1 openSUSE Tumbleweed:subversion-ruby-1.9.5-1.1 openSUSE Tumbleweed:subversion-server-1.9.5-1.1 openSUSE Tumbleweed:subversion-tools-1.9.5-1.1 low 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8734.html CVE-2016-8734 https://bugzilla.suse.com/1011552 SUSE Bug 1011552