An update that fixes three vulnerabilities is now available. It includes one version update.
Description:
Subversion was updated to version 1.6.17 to fix several security issues:
- CVE-2011-1752: The mod_dav_svn Apache HTTPD server module can be crashed though when asked to deliver baselined WebDAV resources. - CVE-2011-1783: The mod_dav_svn Apache HTTPD server module can trigger a loop which consumes all available memory on the system. - CVE-2011-1921: The mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch libsvn_auth_gnome_keyring-1-0-4688
To bring your system up-to-date, use "zypper patch".