Security update for subversion SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1401-1 Final 1 1 2015-08-07T11:56:11Z current 2015-08-07T11:56:11Z 2015-08-07T11:56:11Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for subversion subversion was updated to version 1.8.14 to fix two security issues. These security issues were fixed: - CVE-2015-3187: Information leak (only paths) that were hidden by path-based authz (bsc#939517). - CVE-2015-3184: Information leak in mixed anonymous/authenticated httpd (dav) configurations (bsc#939514). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html E-Mail link for openSUSE-SU-2015:1401-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings libsvn_auth_gnome_keyring-1-0-1.8.14-2.39.1 libsvn_auth_kwallet-1-0-1.8.14-2.39.1 subversion-1.8.14-2.39.1 subversion-bash-completion-1.8.14-2.39.1 subversion-devel-1.8.14-2.39.1 subversion-perl-1.8.14-2.39.1 subversion-python-1.8.14-2.39.1 subversion-ruby-1.8.14-2.39.1 subversion-server-1.8.14-2.39.1 subversion-tools-1.8.14-2.39.1 mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. CVE-2015-3184 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html https://www.suse.com/security/cve/CVE-2015-3184.html CVE-2015-3184 https://bugzilla.suse.com/938723 SUSE Bug 938723 https://bugzilla.suse.com/939514 SUSE Bug 939514 https://bugzilla.suse.com/939516 SUSE Bug 939516 The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. CVE-2015-3187 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html https://www.suse.com/security/cve/CVE-2015-3187.html CVE-2015-3187 https://bugzilla.suse.com/939517 SUSE Bug 939517