Date: Tue, 11 Aug 2009 14:37:46 -0500
Content-Type: text/plain

Synopsis: Important: subversion security update
Issue date: 2009-08-10
CVE Names: CVE-2009-2411

CVE-2009-2411 subversion: multiple heap overflow issues

Matt Lewis, of Google, reported multiple heap overflow flaws in
Subversion (server and client) when parsing binary deltas. A malicious
user with commit access to a server could use these flaws to cause a
heap overflow on that server. A malicious server could use these flaws
to cause a heap overflow on a client when it attempts to checkout or
update. These heap overflows can result in a crash or, possibly,
arbitrary code execution. (CVE-2009-2411)

After installing the updated packages, the Subversion server must be
restarted for the update to take effect: restart httpd if you are using
mod_dav_svn, or restart svnserve if it is used.

SL 4.x
SRPMS:
subversion-1.1.4-3.el4_8.2.src.rpm
i386:
mod_dav_svn-1.1.4-3.el4_8.2.i386.rpm
subversion-1.1.4-3.el4_8.2.i386.rpm
subversion-devel-1.1.4-3.el4_8.2.i386.rpm
subversion-perl-1.1.4-3.el4_8.2.i386.rpm
x86_64:
mod_dav_svn-1.1.4-3.el4_8.2.x86_64.rpm
subversion-1.1.4-3.el4_8.2.x86_64.rpm
subversion-devel-1.1.4-3.el4_8.2.x86_64.rpm
subversion-perl-1.1.4-3.el4_8.2.x86_64.rpm
SL 5.x
SRPMS:
subversion-1.4.2-4.el5_3.1.src.rpm
i386:
mod_dav_svn-1.4.2-4.el5_3.1.i386.rpm
subversion-1.4.2-4.el5_3.1.i386.rpm
subversion-devel-1.4.2-4.el5_3.1.i386.rpm
subversion-javahl-1.4.2-4.el5_3.1.i386.rpm
subversion-perl-1.4.2-4.el5_3.1.i386.rpm
subversion-ruby-1.4.2-4.el5_3.1.i386.rpm
Dependencies for 5.0, 5.1, and 5.2:
neon-0.25.5-10.el5.i386.rpm
neon-devel-0.25.5-10.el5.i386.rpm
x86_64:
mod_dav_svn-1.4.2-4.el5_3.1.x86_64.rpm
subversion-1.4.2-4.el5_3.1.i386.rpm
subversion-1.4.2-4.el5_3.1.x86_64.rpm
subversion-devel-1.4.2-4.el5_3.1.i386.rpm
subversion-devel-1.4.2-4.el5_3.1.x86_64.rpm
subversion-javahl-1.4.2-4.el5_3.1.x86_64.rpm
subversion-perl-1.4.2-4.el5_3.1.x86_64.rpm
subversion-ruby-1.4.2-4.el5_3.1.x86_64.rpm
Dependencies for 5.0, 5.1, and 5.2:
neon-0.25.5-10.el5.i386.rpm
neon-0.25.5-10.el5.x86_64.rpm
neon-devel-0.25.5-10.el5.i386.rpm
neon-devel-0.25.5-10.el5.x86_64.rpm
-Connie Sieh
-Troy Dawson