Security update for subversion
This update fixes the following security issues:
* CVE-2015-5343: Possible remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies. (bsc#958300)
* CVE-2015-3184: mod_authz_svn information leak information in mixed anonymous/authenticated httpd (dav) configurations (bsc#939514)
* CVE-2015-3187: hidden paths leaked by path-based authz (bsc#939517)
-
Submitted by
Tomáš Chvátal (scarabeus_iv)
Fixed bugs
bnc#958300
Heap overflow and out-of-bounds read in mod_dav_svn
bnc#939514
VUL-0: CVE-2015-3184: subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4
bnc#939517
VUL-1: CVE-2015-3187: subversion: svn_repos_trace_node_locations() reveals paths hidden by authz
