libsvn_auth_gnome_keyring-1-0-1.14.1-1.11 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11412 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libsvn_auth_gnome_keyring-1-0-1.14.1-1.11 on GA media These are all security issues fixed in the libsvn_auth_gnome_keyring-1-0-1.14.1-1.11 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11412 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11412 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2007-2448/ SUSE CVE CVE-2007-2448 page https://www.suse.com/security/cve/CVE-2017-9800/ SUSE CVE CVE-2017-9800 page https://www.suse.com/security/cve/CVE-2018-11782/ SUSE CVE CVE-2018-11782 page https://www.suse.com/security/cve/CVE-2018-11803/ SUSE CVE CVE-2018-11803 page https://www.suse.com/security/cve/CVE-2019-0203/ SUSE CVE CVE-2019-0203 page https://www.suse.com/security/cve/CVE-2020-17525/ SUSE CVE CVE-2020-17525 page openSUSE Tumbleweed libsvn_auth_gnome_keyring-1-0-1.14.1-1.11 libsvn_auth_kwallet-1-0-1.14.1-1.11 subversion-1.14.1-1.11 subversion-bash-completion-1.14.1-1.11 subversion-devel-1.14.1-1.11 subversion-perl-1.14.1-1.11 subversion-python-1.14.1-1.11 subversion-ruby-1.14.1-1.11 subversion-server-1.14.1-1.11 subversion-tools-1.14.1-1.11 libsvn_auth_gnome_keyring-1-0-1.14.1-1.11 as a component of openSUSE Tumbleweed libsvn_auth_kwallet-1-0-1.14.1-1.11 as a component of openSUSE Tumbleweed subversion-1.14.1-1.11 as a component of openSUSE Tumbleweed subversion-bash-completion-1.14.1-1.11 as a component of openSUSE Tumbleweed subversion-devel-1.14.1-1.11 as a component of openSUSE Tumbleweed subversion-perl-1.14.1-1.11 as a component of openSUSE Tumbleweed subversion-python-1.14.1-1.11 as a component of openSUSE Tumbleweed subversion-ruby-1.14.1-1.11 as a component of openSUSE Tumbleweed subversion-server-1.14.1-1.11 as a component of openSUSE Tumbleweed subversion-tools-1.14.1-1.11 as a component of openSUSE Tumbleweed Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit. CVE-2007-2448 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.14.1-1.11 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.14.1-1.11 openSUSE Tumbleweed:subversion-1.14.1-1.11 openSUSE Tumbleweed:subversion-bash-completion-1.14.1-1.11 openSUSE Tumbleweed:subversion-devel-1.14.1-1.11 openSUSE Tumbleweed:subversion-perl-1.14.1-1.11 openSUSE Tumbleweed:subversion-python-1.14.1-1.11 openSUSE Tumbleweed:subversion-ruby-1.14.1-1.11 openSUSE Tumbleweed:subversion-server-1.14.1-1.11 openSUSE Tumbleweed:subversion-tools-1.14.1-1.11 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-2448.html CVE-2007-2448 https://bugzilla.suse.com/283761 SUSE Bug 283761 A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. CVE-2017-9800 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.14.1-1.11 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.14.1-1.11 openSUSE Tumbleweed:subversion-1.14.1-1.11 openSUSE Tumbleweed:subversion-bash-completion-1.14.1-1.11 openSUSE Tumbleweed:subversion-devel-1.14.1-1.11 openSUSE Tumbleweed:subversion-perl-1.14.1-1.11 openSUSE Tumbleweed:subversion-python-1.14.1-1.11 openSUSE Tumbleweed:subversion-ruby-1.14.1-1.11 openSUSE Tumbleweed:subversion-server-1.14.1-1.11 openSUSE Tumbleweed:subversion-tools-1.14.1-1.11 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9800.html CVE-2017-9800 https://bugzilla.suse.com/1051362 SUSE Bug 1051362 https://bugzilla.suse.com/1052481 SUSE Bug 1052481 https://bugzilla.suse.com/1052696 SUSE Bug 1052696 https://bugzilla.suse.com/1052932 SUSE Bug 1052932 https://bugzilla.suse.com/1053364 SUSE Bug 1053364 https://bugzilla.suse.com/1054653 SUSE Bug 1054653 https://bugzilla.suse.com/1066430 SUSE Bug 1066430 https://bugzilla.suse.com/1071709 SUSE Bug 1071709 https://bugzilla.suse.com/1128150 SUSE Bug 1128150 In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server. CVE-2018-11782 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.14.1-1.11 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.14.1-1.11 openSUSE Tumbleweed:subversion-1.14.1-1.11 openSUSE Tumbleweed:subversion-bash-completion-1.14.1-1.11 openSUSE Tumbleweed:subversion-devel-1.14.1-1.11 openSUSE Tumbleweed:subversion-perl-1.14.1-1.11 openSUSE Tumbleweed:subversion-python-1.14.1-1.11 openSUSE Tumbleweed:subversion-ruby-1.14.1-1.11 openSUSE Tumbleweed:subversion-server-1.14.1-1.11 openSUSE Tumbleweed:subversion-tools-1.14.1-1.11 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-11782.html CVE-2018-11782 https://bugzilla.suse.com/1142743 SUSE Bug 1142743 Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation. CVE-2018-11803 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.14.1-1.11 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.14.1-1.11 openSUSE Tumbleweed:subversion-1.14.1-1.11 openSUSE Tumbleweed:subversion-bash-completion-1.14.1-1.11 openSUSE Tumbleweed:subversion-devel-1.14.1-1.11 openSUSE Tumbleweed:subversion-perl-1.14.1-1.11 openSUSE Tumbleweed:subversion-python-1.14.1-1.11 openSUSE Tumbleweed:subversion-ruby-1.14.1-1.11 openSUSE Tumbleweed:subversion-server-1.14.1-1.11 openSUSE Tumbleweed:subversion-tools-1.14.1-1.11 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-11803.html CVE-2018-11803 https://bugzilla.suse.com/1122842 SUSE Bug 1122842 In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server. CVE-2019-0203 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.14.1-1.11 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.14.1-1.11 openSUSE Tumbleweed:subversion-1.14.1-1.11 openSUSE Tumbleweed:subversion-bash-completion-1.14.1-1.11 openSUSE Tumbleweed:subversion-devel-1.14.1-1.11 openSUSE Tumbleweed:subversion-perl-1.14.1-1.11 openSUSE Tumbleweed:subversion-python-1.14.1-1.11 openSUSE Tumbleweed:subversion-ruby-1.14.1-1.11 openSUSE Tumbleweed:subversion-server-1.14.1-1.11 openSUSE Tumbleweed:subversion-tools-1.14.1-1.11 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-0203.html CVE-2019-0203 https://bugzilla.suse.com/1142721 SUSE Bug 1142721 Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7 CVE-2020-17525 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.14.1-1.11 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.14.1-1.11 openSUSE Tumbleweed:subversion-1.14.1-1.11 openSUSE Tumbleweed:subversion-bash-completion-1.14.1-1.11 openSUSE Tumbleweed:subversion-devel-1.14.1-1.11 openSUSE Tumbleweed:subversion-perl-1.14.1-1.11 openSUSE Tumbleweed:subversion-python-1.14.1-1.11 openSUSE Tumbleweed:subversion-ruby-1.14.1-1.11 openSUSE Tumbleweed:subversion-server-1.14.1-1.11 openSUSE Tumbleweed:subversion-tools-1.14.1-1.11 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-17525.html CVE-2020-17525 https://bugzilla.suse.com/1181687 SUSE Bug 1181687