New versions of the Subversion version management system fix vulnerabilities in the client and server which could allow an attacker to gain control of a system. The problems are caused by multiple heap overflows in the libsvn_delta library, which can occur when the library parses difference data streams (binary deltas).
According to the developers, a client with commit access can cause a remote heap overflow on the server and a server can cause a heap overflow on clients that attempt a checkout or update.

Subversion releases up to and including 1.5.6 and from 1.6.0 to 1.6.3 are affected. The developers have released Subversion 1.6.4 and 1.5.7, which correct the errors. Linux distributors are already shipping updated packages, and a source code patch is also available.
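
To triage an inventory against the affected ranges above, a check along these lines can be used. This is an added example, not code from the article or the Subversion project; the function names and the "host version" inventory format are assumptions, and the sample inventory is constructed.

```shell
#!/bin/sh
# Classify Subversion versions against the ranges stated in the article:
# affected = up to and including 1.5.6, and 1.6.0 through 1.6.3.

# svn_affected VERSION: returns 0 if affected, 1 if not, 2 if unparseable.
svn_affected() {
    # Keep only MAJOR.MINOR.PATCH; drops suffixes such as "-dev" or " (r123)".
    v=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$v" ] || return 2
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    # Fold into one integer so components compare numerically (1.5.10 > 1.5.6).
    n=$(( major * 1000000 + minor * 1000 + patch ))
    if [ "$n" -le 1005006 ]; then return 0; fi            # <= 1.5.6
    if [ "$n" -ge 1006000 ] && [ "$n" -le 1006003 ]; then  # 1.6.0 .. 1.6.3
        return 0
    fi
    return 1
}

# triage: reads "host version" lines on stdin, prints one status per host.
# (Hypothetical inventory format; a local version string can be obtained
# with `svn --version --quiet`.)
triage() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        rc=0
        svn_affected "$ver" || rc=$?
        case $rc in
            0) status=AFFECTED ;;
            1) status=ok ;;
            *) status=UNKNOWN ;;
        esac
        printf '%-12s %-10s %s\n' "$host" "$ver" "$status"
    done
}

# Constructed sample inventory, for illustration only.
triage <<'EOF'
build01 1.5.6
build02 1.5.7
repo01 1.6.3
repo02 1.6.4
legacy01 1.4.2
odd01 unknown
EOF
```

Hosts reported as UNKNOWN need a manual check, since an unparseable version string says nothing about whether the installed libsvn_delta is patched. Distribution packages may also carry the fix under an older upstream version number, so an AFFECTED result on a distro build should be confirmed against the distributor's advisory.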

The link for this article located at H Security is no longer available.