CORE 2:

Fedora Update Notification
FEDORA-2004-166
2004-06-11
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : subversion
Version     : 1.0.4
Release     : 2
Summary     : Modern Version Control System designed to replace CVS
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes.  Subversion only stores the differences between versions,
instead of every complete file.  Subversion is intended to be a
compelling replacement for CVS.

---------------------------------------------------------------------
Update Information:

A heap overflow vulnerability was discovered in the svn:// protocol
handling library, libsvn_ra_svn.  If using the svnserve daemon,
an unauthenticated client may be able to execute arbitrary code as
the user the daemon runs as.  The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0413.

This issue does not affect the mod_dav_svn module.

---------------------------------------------------------------------
* Mon Jun 07 2004 Joe Orton <jorton@redhat.com> 1.0.4-2

- add ra_svn security fix for CVE CAN-2004-0413 (Ben Reser)

---------------------------------------------------------------------
This update can be downloaded from:
    

453a16f649e7b5ff502d6379253bbb05  SRPMS/subversion-1.0.4-2.src.rpm
746cc7b03fe3e4b02f7374b8a03850ad  i386/subversion-1.0.4-2.i386.rpm
1dd7fd91e468d7af15e1d253c7ef1f08  i386/subversion-devel-1.0.4-2.i386.rpm
05adf7825b9d708c9eba80f359fa33d7  i386/mod_dav_svn-1.0.4-2.i386.rpm
09a54699d17c43dc7f0e585acea64455  i386/subversion-perl-1.0.4-2.i386.rpm
7c5040ab4f0cf6c5305d8edb686c0b5c  i386/debug/subversion-debuginfo-1.0.4-2.i386.rpm
640cafcc4e668e1ddf643d10d743e411  x86_64/subversion-1.0.4-2.x86_64.rpm
8140bffe9f94215a83ae2154e4f57c87  x86_64/subversion-devel-1.0.4-2.x86_64.rpm
939e83497404a0a0d4076b33329da3b5  x86_64/mod_dav_svn-1.0.4-2.x86_64.rpm
02c26dbdd27506b6bb7193abe3be7197  x86_64/subversion-perl-1.0.4-2.x86_64.rpm
7ed77899f4912048dececb765d091541  x86_64/debug/subversion-debuginfo-1.0.4-2.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
CORE 1:

Fedora Update Notification
FEDORA-2004-165
2004-06-11
---------------------------------------------------------------------

Product     : Fedora Core 1
Name        : subversion
Version     : 0.32.1
Release     : 5
Summary     : A Concurrent Versioning system similar to, but better than, CVS.
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes.  Subversion only stores the differences between versions,
instead of every complete file.  Subversion is intended to be a
compelling replacement for CVS.

---------------------------------------------------------------------
Update Information:

A heap overflow vulnerability was discovered in the svn:// protocol
handling library, libsvn_ra_svn.  If using the svnserve daemon,
an unauthenticated client may be able to execute arbitrary code as
the user the daemon runs as.  The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0413.
                                                                                                
This issue does not affect the mod_dav_svn module.

---------------------------------------------------------------------
* Wed Jun 09 2004 Joe Orton <jorton@redhat.com> 0.32.1-5

- add security fix for CVE CAN-2004-0413 (Ben Reser)

---------------------------------------------------------------------
This update can be downloaded from:
    

85bb51a2273fe862a534db45c0f98cef  SRPMS/subversion-0.32.1-5.src.rpm
3e65c8863d12a8290465c34c9cff8c86  i386/subversion-0.32.1-5.i386.rpm
73415d6b6966fac671d44542e356a209  i386/subversion-devel-0.32.1-5.i386.rpm
e54233f3d5c996bc031cfd92c7c333ca  i386/mod_dav_svn-0.32.1-5.i386.rpm
5141615f39974fde3a0564c5d37c2fdf  i386/debug/subversion-debuginfo-0.32.1-5.i386.rpm
dfdb41c89a5d39215a461a7407acf57d  x86_64/subversion-0.32.1-5.x86_64.rpm
01d85453b31a93d7c9631af526cbc2b1  x86_64/subversion-devel-0.32.1-5.x86_64.rpm
f85473c36affcce1c4e84bde330e1f36  x86_64/mod_dav_svn-0.32.1-5.x86_64.rpm
a436f60e985c086cda8c76cb59329e57  x86_64/debug/subversion-debuginfo-0.32.1-5.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

Fedora: 2,1: subversion Heap overflow vulnerability

June 17, 2004
If using the svnserve daemon, an unauthenticated client may be able to execute arbitrary code as the daemon's user.
