===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2015
               [ANNOUNCE] Apache Subversion 1.8.19 released
                              14 August 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           subversion
Publisher:         Apache
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-9800

Reference:         ESB-2017.1985

Original Bulletin:
   http://subversion.apache.org/download.cgi?update=201708081800

--------------------------BEGIN INCLUDED TEXT--------------------

I'm happy to announce the release of Apache Subversion 1.9.7.
Please choose the mirror closest to you by visiting:

    http://subversion.apache.org/download.cgi?update=201708081800#recommended-release

This is a stable security release of the Apache Subversion open source
version control system.
It fixes one security issue:

    CVE-2017-9800:
    Arbitrary code execution on clients through malicious svn+ssh URLs in
    svn:externals and svn:sync-from-url

    http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

The SHA1 checksums are:

    874b81749cdc3e88152d103243c3623ac6338388 subversion-1.9.7.tar.bz2
    1a5f48acf9d0faa60e8c7aea96a9b29ab1d4dcac subversion-1.9.7.tar.gz
    741727b62596bf27f75838c46d1bb6938c83fbd7 subversion-1.9.7.zip

SHA-512 checksums are available at:

    https://www.apache.org/dist/subversion/subversion-1.9.7.tar.bz2.sha512
    https://www.apache.org/dist/subversion/subversion-1.9.7.tar.gz.sha512
    https://www.apache.org/dist/subversion/subversion-1.9.7.zip.sha512

PGP Signatures are available at:

    http://www.apache.org/dist/subversion/subversion-1.9.7.tar.bz2.asc
    http://www.apache.org/dist/subversion/subversion-1.9.7.tar.gz.asc
    http://www.apache.org/dist/subversion/subversion-1.9.7.zip.asc

For this release, the following people have provided PGP signatures:

   Johan Corveleyn [4096R/B59CE6D6010C8AAD] with fingerprint:
    8AA2 C10E EAAD 44F9 6972  7AEA B59C E6D6 010C 8AAD
   Stefan Sperling [2048R/4F7DBAA99A59B973] with fingerprint:
    8BC4 DAE0 C5A4 D65F 4044  0107 4F7D BAA9 9A59 B973
   Evgeny Kotkov [4096R/B64FFF1209F9FA74] with fingerprint:
    E7B2 A7F4 EC28 BE9F F8B3  8BA4 B64F FF12 09F9 FA74
   Stefan Hett (CODE SIGNING KEY) [4096R/376A3CFD110B1C95] with fingerprint:
    7B8C A7F6 451A D89C 8ADC  077B 376A 3CFD 110B 1C95
   Daniel Shahaf [3072R/A5FEEE3AC7937444] with fingerprint:
    E966 46BE 08C0 AF0A A0F9  0788 A5FE EE3A C793 7444
   Philip Martin [2048R/76D788E1ED1A599C] with fingerprint:
    A844 790F B574 3606 EE95  9207 76D7 88E1 ED1A 599C

Release notes for the 1.9.x release series may be found at:

    http://subversion.apache.org/docs/release-notes/1.9.html

You can find the list of changes between 1.9.7 and earlier versions at:

    http://svn.apache.org/repos/asf/subversion/tags/1.9.7/CHANGES

Questions, comments, and bug reports to users@subversion.apache.org.
Thanks,
- The Subversion Team

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================