libsvn_auth_gnome_keyring-1-0-1.14.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12007-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libsvn_auth_gnome_keyring-1-0-1.14.2-1.1 on GA media These are all security issues fixed in the libsvn_auth_gnome_keyring-1-0-1.14.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12007 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-28544/ SUSE CVE CVE-2021-28544 page https://www.suse.com/security/cve/CVE-2022-24070/ SUSE CVE CVE-2022-24070 page openSUSE Tumbleweed libsvn_auth_gnome_keyring-1-0-1.14.2-1.1 libsvn_auth_kwallet-1-0-1.14.2-1.1 subversion-1.14.2-1.1 subversion-bash-completion-1.14.2-1.1 subversion-devel-1.14.2-1.1 subversion-perl-1.14.2-1.1 subversion-python-1.14.2-1.1 subversion-ruby-1.14.2-1.1 subversion-server-1.14.2-1.1 subversion-tools-1.14.2-1.1 libsvn_auth_gnome_keyring-1-0-1.14.2-1.1 as a component of openSUSE Tumbleweed libsvn_auth_kwallet-1-0-1.14.2-1.1 as a component of openSUSE Tumbleweed subversion-1.14.2-1.1 as a component of openSUSE Tumbleweed subversion-bash-completion-1.14.2-1.1 as a component of openSUSE Tumbleweed subversion-devel-1.14.2-1.1 as a component of openSUSE Tumbleweed subversion-perl-1.14.2-1.1 as a component of openSUSE Tumbleweed subversion-python-1.14.2-1.1 as a component of openSUSE Tumbleweed subversion-ruby-1.14.2-1.1 as a component of openSUSE Tumbleweed subversion-server-1.14.2-1.1 as a component of openSUSE Tumbleweed subversion-tools-1.14.2-1.1 as a component of openSUSE Tumbleweed Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. CVE-2021-28544 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.14.2-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.14.2-1.1 openSUSE Tumbleweed:subversion-1.14.2-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.14.2-1.1 openSUSE Tumbleweed:subversion-devel-1.14.2-1.1 openSUSE Tumbleweed:subversion-perl-1.14.2-1.1 openSUSE Tumbleweed:subversion-python-1.14.2-1.1 openSUSE Tumbleweed:subversion-ruby-1.14.2-1.1 openSUSE Tumbleweed:subversion-server-1.14.2-1.1 openSUSE Tumbleweed:subversion-tools-1.14.2-1.1 moderate 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-28544.html CVE-2021-28544 https://bugzilla.suse.com/1197939 SUSE Bug 1197939 Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. CVE-2022-24070 openSUSE Tumbleweed:libsvn_auth_gnome_keyring-1-0-1.14.2-1.1 openSUSE Tumbleweed:libsvn_auth_kwallet-1-0-1.14.2-1.1 openSUSE Tumbleweed:subversion-1.14.2-1.1 openSUSE Tumbleweed:subversion-bash-completion-1.14.2-1.1 openSUSE Tumbleweed:subversion-devel-1.14.2-1.1 openSUSE Tumbleweed:subversion-perl-1.14.2-1.1 openSUSE Tumbleweed:subversion-python-1.14.2-1.1 openSUSE Tumbleweed:subversion-ruby-1.14.2-1.1 openSUSE Tumbleweed:subversion-server-1.14.2-1.1 openSUSE Tumbleweed:subversion-tools-1.14.2-1.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-24070.html CVE-2022-24070 https://bugzilla.suse.com/1197940 SUSE Bug 1197940