RHSA-2009:1203-01 -- Redhat subversion
ID: oval:org.secpod.oval:def:500580 | Date: (C)2012-01-31 (M)2021-06-02
Class: PATCH | Family: unix
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.

Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution.

All Subversion users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.
Platform:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4