Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2013-494.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : subversion (openSUSE-SU-2013:1006-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.015 Low

EPSS

Percentile

87.2%

JSON

This update of subversion includes several bug and security fixes.

  • update to 1.7.10 [bnc#821505] CVE-2013-1968 CVE-2013-2088 CVE-2013-2112

  • Client-side bugfixes :

  • fix โ€˜svn revertโ€™ โ€˜no such table: revert_listโ€™ spurious error

  • fix โ€˜svn diffโ€™ doesnโ€™t show some locally added files

  • fix changelist filtering when --changelist values arenโ€™t UTF8

  • fix โ€˜svn diff --gitโ€™ shows wrong copyfrom

  • fix โ€˜svn diff -x-wโ€™ shows wrong changes

  • fix โ€˜svn blameโ€™ sometimes shows every line as modified

  • fix regression in โ€˜svn status -uโ€™ output for externals

  • fix file permissions change on commit of file with keywords

  • improve some fatal error messages

  • fix externals not removed when working copy is made shallow

  • Server-side bugfixes :

  • fix repository corruption due to newline in filename

  • fix svnserve exiting when a client connection is aborted

  • fix svnserve memory use after clear

  • fix repository corruption on power/disk failure on Windows

  • Developer visible changes :

  • make get-deps.sh compatible with Solaris /bin/sh

  • fix infinite recursion bug in get-deps.sh

  • fix uninitialised output parameter of svn_fs_commit_txn()

  • Bindings :

  • fix JavaHL thread-safety bug

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-494.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75035);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2013-1968", "CVE-2013-2088", "CVE-2013-2112");
  script_bugtraq_id(60264, 60265, 60267);

  script_name(english:"openSUSE Security Update : subversion (openSUSE-SU-2013:1006-1)");
  script_summary(english:"Check for the openSUSE-2013-494 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of subversion includes several bug and security fixes.

  - update to 1.7.10 [bnc#821505] CVE-2013-1968
    CVE-2013-2088 CVE-2013-2112

  - Client-side bugfixes :

  - fix 'svn revert' 'no such table: revert_list' spurious
    error

  - fix 'svn diff' doesn't show some locally added files

  - fix changelist filtering when --changelist values aren't
    UTF8

  - fix 'svn diff --git' shows wrong copyfrom

  - fix 'svn diff -x-w' shows wrong changes

  - fix 'svn blame' sometimes shows every line as modified

  - fix regression in 'svn status -u' output for externals

  - fix file permissions change on commit of file with
    keywords

  - improve some fatal error messages

  - fix externals not removed when working copy is made
    shallow

  - Server-side bugfixes :

  - fix repository corruption due to newline in filename

  - fix svnserve exiting when a client connection is aborted

  - fix svnserve memory use after clear

  - fix repository corruption on power/disk failure on
    Windows

  - Developer visible changes :

  - make get-deps.sh compatible with Solaris /bin/sh

  - fix infinite recursion bug in get-deps.sh

  - fix uninitialised output parameter of
    svn_fs_commit_txn()

  - Bindings :

  - fix JavaHL thread-safety bug"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=821505"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2013-06/msg00136.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected subversion packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-bash-completion");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-perl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-python-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-server-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/06/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.2|SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2 / 12.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.2", reference:"libsvn_auth_gnome_keyring-1-0-1.7.10-4.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libsvn_auth_gnome_keyring-1-0-debuginfo-1.7.10-4.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libsvn_auth_kwallet-1-0-1.7.10-4.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libsvn_auth_kwallet-1-0-debuginfo-1.7.10-4.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"subversion-1.7.10-4.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"subversion-bash-completion-1.7.10-4.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"subversion-debuginfo-1.7.10-4.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"subversion-debugsource-1.7.10-4.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"subversion-devel-1.7.10-4.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"subversion-perl-1.7.10-4.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"subversion-perl-debuginfo-1.7.10-4.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"subversion-python-1.7.10-4.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"subversion-python-debuginfo-1.7.10-4.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"subversion-server-1.7.10-4.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"subversion-server-debuginfo-1.7.10-4.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"subversion-tools-1.7.10-4.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"subversion-tools-debuginfo-1.7.10-4.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libsvn_auth_gnome_keyring-1-0-1.7.10-2.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libsvn_auth_gnome_keyring-1-0-debuginfo-1.7.10-2.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libsvn_auth_kwallet-1-0-1.7.10-2.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libsvn_auth_kwallet-1-0-debuginfo-1.7.10-2.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"subversion-1.7.10-2.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"subversion-bash-completion-1.7.10-2.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"subversion-debuginfo-1.7.10-2.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"subversion-debugsource-1.7.10-2.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"subversion-devel-1.7.10-2.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"subversion-perl-1.7.10-2.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"subversion-perl-debuginfo-1.7.10-2.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"subversion-python-1.7.10-2.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"subversion-python-debuginfo-1.7.10-2.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"subversion-server-1.7.10-2.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"subversion-server-debuginfo-1.7.10-2.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"subversion-tools-1.7.10-2.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"subversion-tools-debuginfo-1.7.10-2.8.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsvn_auth_gnome_keyring-1-0 / etc");
}
VendorProductVersionCPE
novellopensusesubversion-perl-debuginfop-cpe:/a:novell:opensuse:subversion-perl-debuginfo
novellopensusesubversion-pythonp-cpe:/a:novell:opensuse:subversion-python
novellopensusesubversion-python-debuginfop-cpe:/a:novell:opensuse:subversion-python-debuginfo
novellopensusesubversion-serverp-cpe:/a:novell:opensuse:subversion-server
novellopensusesubversion-server-debuginfop-cpe:/a:novell:opensuse:subversion-server-debuginfo
novellopensusesubversion-toolsp-cpe:/a:novell:opensuse:subversion-tools
novellopensusesubversion-tools-debuginfop-cpe:/a:novell:opensuse:subversion-tools-debuginfo
novellopensuse12.2cpe:/o:novell:opensuse:12.2
novellopensuse12.3cpe:/o:novell:opensuse:12.3
novellopensuselibsvn_auth_gnome_keyring-1-0p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0
Rows per page:
1-10 of 191

Related

nessus 18
fedora 1
openvas 15
osv 1
debian 2
mageia 1
securityvulns 2
oraclelinux 1
centos 1
redhat 1
cve 3
debiancve 3
prion 3
exploitpack 1
ubuntucve 3
veracode 2
freebsd 3
ibm 1
cvelist 3
zdt 1
nvd 3
packetstorm 1
seebug 1
exploitdb 1
ubuntu 1
gentoo 1
nessus
nessus
Apache Subversion < 1.8.0 / 1.7.10 / 1.6.23 Multiple Vulnerabilities
2013-06-04 00:00:00
Apache Subversion < 1.6.23 / 1.7.x < 1.7.10 Multiple Vulnerabilities
2013-06-04 00:00:00
Fedora 18 : subversion-1.7.11-1.fc18.1 (2013-13672)
2013-08-15 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: subversion-1.7.11-1.fc18.1
2013-08-15 02:33:32
openvas
openvas
Fedora Update for subversion FEDORA-2013-13672
2013-08-16 00:00:00
Fedora Update for subversion FEDORA-2013-13672
2013-08-16 00:00:00
Debian: Security Advisory (DSA-2703-1)
2013-06-08 00:00:00
osv
osv
subversion - several
2013-06-09 00:00:00
debian
debian
[SECURITY] [DSA 2703-1] subversion security update
2013-06-09 06:40:13
[SECURITY] [DSA 2703-1] subversion security update
2013-06-09 06:40:13
mageia
mageia
Updated subversion packages fix security vulnerabilities
2013-06-19 14:13:33
securityvulns
securityvulns
Subversion security vulnerabilities
2013-06-17 00:00:00
[SECURITY] [DSA 2703-1] subversion security update
2013-06-17 00:00:00
oraclelinux
oraclelinux
subversion security update
2014-03-05 00:00:00
centos
centos
mod_dav_svn, subversion security update
2014-03-06 11:19:14
redhat
redhat
(RHSA-2014:0255) Moderate: subversion security update
2014-03-05 00:00:00
cve
cve
CVE-2013-2088
2013-07-31 13:20:24
CVE-2013-2112
2013-07-31 13:20:24
CVE-2013-1968
2013-07-31 13:20:24
debiancve
debiancve
CVE-2013-2088
2013-07-31 13:20:24
CVE-2013-2112
2013-07-31 13:20:24
CVE-2013-1968
2013-07-31 13:20:24
prion
prion
Code injection
2013-07-31 13:20:00
Code injection
2013-07-31 13:20:00
Memory corruption
2013-07-31 13:20:00
exploitpack
exploitpack
Subversion 1.6.61.6.12 - Code Execution
2016-10-12 00:00:00
ubuntucve
ubuntucve
CVE-2013-2112
2013-06-09 00:00:00
CVE-2013-1968
2013-06-09 00:00:00
CVE-2013-2088
2013-07-31 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:21:18
Authorization Bypass
2020-04-10 01:21:18
freebsd
freebsd
devel/subversion -- fsfs repositories can be corrupted by newline characters in filenames
2013-05-31 00:00:00
devel/subversion -- svnserve remotely triggerable DoS
2013-05-31 00:00:00
devel/subversion -- contrib hook-scripts can allow arbitrary code execution
2013-05-31 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Subversion release shipped in Netcool/Impact (CVE-2013-1968)
2018-06-17 14:34:07
cvelist
cvelist
CVE-2013-2088
2013-07-31 10:00:00
CVE-2013-2112
2013-07-31 10:00:00
CVE-2013-1968
2013-07-31 10:00:00
zdt
zdt
Subversion 1.6.6 / 1.6.12 - Code Execution
2016-10-12 00:00:00
nvd
nvd
CVE-2013-1968
2013-07-31 13:20:24
CVE-2013-2112
2013-07-31 13:20:24
CVE-2013-2088
2013-07-31 13:20:24
packetstorm
packetstorm
Subversion 1.6.6 / 1.6.12 Code Execution
2016-10-13 00:00:00
seebug
seebug
Apache Subversion ๅ‘ฝไปคๆณจๅ…ฅๆผๆดž(CVE-2013-2088)
2013-06-06 00:00:00
exploitdb
exploitdb
Subversion 1.6.6/1.6.12 - Code Execution
2016-10-12 00:00:00
ubuntu
ubuntu
Subversion vulnerabilities
2013-06-27 00:00:00
gentoo
gentoo
Subversion: Multiple vulnerabilities
2013-09-23 00:00:00

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.015 Low

EPSS

Percentile

87.2%

JSON
Related for OPENSUSE-2013-494.NASL
nessus18fedora1openvas15osv1debian2mageia1securityvulns2oraclelinux1centos1redhat1cve3debiancve3prion3exploitpack1ubuntucve3veracode2freebsd3ibm1cvelist3zdt1nvd3packetstorm1seebug1exploitdb1ubuntu1gentoo1