Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Fedora 11: Subversion-1.6.4-2 Critical: Heap Overflow Threat

fedora
Calendar Grey August 10, 2009
Dist Fedora Esm H88
This upgrade addresses memory leak vulnerabilities in Git and introduces enhanced authentication mechanisms for CentOS 7 users.
This update includes the latest stable release of Subversion, fixing many bugs and a security issue: Matt Lewis reported multiple heap overflow flaws in Subversion (servers and...

Summary

Subversion is a concurrent version control system which enables one

or more users to collaborate in developing and maintaining a

hierarchy of files and directories while keeping a history of all

changes. Subversion only stores the differences between versions,

instead of every complete file. Subversion is intended to be a

compelling replacement for CVS.

Update Information:

This update includes the latest stable release of Subversion, fixing many bugs and a security issue: Matt Lewis reported multiple heap overflow flaws in Subversion (servers and clients) when parsing binary deltas. Malicious userswith commit access to a vulnerable server could uses these flaws to cause a heap overflow on the server running Subversion. A malicious Subversion server could use these flaws to cause a heap overflow on vulnerable clients when they attempt to checkout or update, resulting in a crash or, possibly, arbitrary code execution on the vulnerable client. (CVE-2009-2411) This update also adds support for storing passwords in the GNOME Keyring or KDE Wallet, via the new subversion-gnome and subversion-kde subpackages. For more details of the bug fixes included in this update, see:

Topics%20covered

Topics Covered

security advisory subversion update critical Fedora software fix heap overflow

Change Log

* Fri Aug 7 2009 Joe Orton 1.6.4-2 - update to 1.6.4 * Thu Jul 23 2009 Joe Orton 1.6.3-2 - remove -devel dependency on -gnome, -kde (#513313) * Tue Jun 23 2009 Joe Orton 1.6.3-1 - update to 1.6.3 * Sun Jun 14 2009 Joe Orton 1.6.2-3 - add -gnome, -kde subpackages * Mon Jun 1 2009 Joe Orton 1.6.2-2 - enable KWallet, gnome-keyring support * Fri May 15 2009 Joe Orton 1.6.2-1 - update to 1.6.2

References


[ 1 ] Bug #514744 - CVE-2009-2411 subversion: integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=514744

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update subversion' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: subversion
Product: Fedora 11
Version: 1.6.4
Release: 2.fc11
URL: Summary : A Modern Concurrent Version Control System

Topics%20covered

Topics Covered

security advisory subversion update critical Fedora software fix heap overflow

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here