SCIENTIFIC-LINUX-ERRATA Archives

August 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Tue, 11 Aug 2009 14:37:46 -0500
Content-Type: text/plain
Synopsis:	Important: subversion security update
Issue date:	2009-08-10
CVE Names:	CVE-2009-2411

CVE-2009-2411 subversion: multiple heap overflow issues

Matt Lewis, of Google, reported multiple heap overflow flaws in 
Subversion (server and client) when parsing binary deltas. A malicious 
user with commit access to a server could use these flaws to cause a 
heap overflow on that server. A malicious server could use these flaws 
to cause a heap overflow on a client when it attempts to checkout or 
update. These heap overflows can result in a crash or, possibly, 
arbitrary code execution. (CVE-2009-2411)

After installing the updated packages, the Subversion server must be 
restarted for the update to take effect: restart httpd if you are using 
mod_dav_svn, or restart svnserve if it is used.

SL 4.x

      SRPMS:
subversion-1.1.4-3.el4_8.2.src.rpm
      i386:
mod_dav_svn-1.1.4-3.el4_8.2.i386.rpm
subversion-1.1.4-3.el4_8.2.i386.rpm
subversion-devel-1.1.4-3.el4_8.2.i386.rpm
subversion-perl-1.1.4-3.el4_8.2.i386.rpm
      x86_64:
mod_dav_svn-1.1.4-3.el4_8.2.x86_64.rpm
subversion-1.1.4-3.el4_8.2.x86_64.rpm
subversion-devel-1.1.4-3.el4_8.2.x86_64.rpm
subversion-perl-1.1.4-3.el4_8.2.x86_64.rpm

SL 5.x

      SRPMS:
subversion-1.4.2-4.el5_3.1.src.rpm
      i386:
mod_dav_svn-1.4.2-4.el5_3.1.i386.rpm
subversion-1.4.2-4.el5_3.1.i386.rpm
subversion-devel-1.4.2-4.el5_3.1.i386.rpm
subversion-javahl-1.4.2-4.el5_3.1.i386.rpm
subversion-perl-1.4.2-4.el5_3.1.i386.rpm
subversion-ruby-1.4.2-4.el5_3.1.i386.rpm
   Dependencies for 5.0, 5.1, and 5.2:
neon-0.25.5-10.el5.i386.rpm
neon-devel-0.25.5-10.el5.i386.rpm

      x86_64:
mod_dav_svn-1.4.2-4.el5_3.1.x86_64.rpm
subversion-1.4.2-4.el5_3.1.i386.rpm
subversion-1.4.2-4.el5_3.1.x86_64.rpm
subversion-devel-1.4.2-4.el5_3.1.i386.rpm
subversion-devel-1.4.2-4.el5_3.1.x86_64.rpm
subversion-javahl-1.4.2-4.el5_3.1.x86_64.rpm
subversion-perl-1.4.2-4.el5_3.1.x86_64.rpm
subversion-ruby-1.4.2-4.el5_3.1.x86_64.rpm
   Dependencies for 5.0, 5.1, and 5.2:
neon-0.25.5-10.el5.i386.rpm
neon-0.25.5-10.el5.x86_64.rpm
neon-devel-0.25.5-10.el5.i386.rpm
neon-devel-0.25.5-10.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson
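
A check of installed packages against the fixed releases listed above, as an added example that is not part of the original announcement. It reads lines in the form produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` and uses a simplified RPM version comparison (no epoch, `~` or `^` handling); the function names and sample inventories are constructed for illustration.

```python
import re

# Fixed version-release per SL major, taken from the advisory's package lists.
FIXED = {"el4": ("1.1.4", "3.el4_8.2"), "el5": ("1.4.2", "4.el5_3.1")}
PACKAGES = {"subversion", "mod_dav_svn", "subversion-devel", "subversion-perl",
            "subversion-javahl", "subversion-ruby"}
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified RPM segment comparison (no epoch, '~' or '^'): -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments mean newer

def outdated(inventory):
    """Return name-version-release of Subversion packages older than the fix."""
    flagged = []
    for line in inventory.strip().splitlines():
        name, version, release = line.split()
        tag = re.search(r"el[45]", release)
        if name not in PACKAGES or not tag:
            continue
        fixed_version, fixed_release = FIXED[tag.group()]
        if (rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)) < 0:
            flagged.append(f"{name}-{version}-{release}")
    return flagged

# Constructed sample inventories, not taken from any real host.
SL5_HOST = """
subversion 1.4.2 4.el5
mod_dav_svn 1.4.2 4.el5_3.1
neon 0.25.5 10.el5
"""
SL4_HOST = """
subversion 1.1.4 3.el4_8.2
subversion-perl 1.1.4 3.el4_8.1
"""

if __name__ == "__main__":
    for host in (SL5_HOST, SL4_HOST):
        print(outdated(host))
```

An empty result only shows that the fixed packages are on disk; httpd or svnserve still has to be restarted for a running server to pick them up.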
