lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1NHjnQ-00023I-TJ@titan.mandriva.com>
Date: Mon, 07 Dec 2009 21:03:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:199-1 ] subversion


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2009:199-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : subversion
 Date    : December 7, 2009
 Affected: 2008.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in subversion:
 
 Multiple integer overflows in the libsvn_delta library in Subversion
 before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users
 and remote Subversion servers to execute arbitrary code via an svndiff
 stream with large windows that trigger a heap-based buffer overflow,
 a related issue to CVE-2009-2412 (CVE-2009-2411).
 
 This update provides a solution to this vulnerability and in turn
 upgrades subversion where possible to provide additional features
 and upstream bugfixes and adds required dependencies where needed.

 Update:

 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2411
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 cd8730247a1f1b95cd6a5d0ccdb4d25e  2008.0/i586/apache-mod_dav_svn-1.4.6-0.1mdv2008.0.i586.rpm
 8856d2f5d4002dcfc90bbe4d83d97467  2008.0/i586/apache-mod_dontdothat-1.4.6-0.1mdv2008.0.i586.rpm
 5f827bc98c06636cc9309d870924eb00  2008.0/i586/libsvn0-1.4.6-0.1mdv2008.0.i586.rpm
 8cbae8ef77447948e07a57c9f8d61264  2008.0/i586/perl-SVN-1.4.6-0.1mdv2008.0.i586.rpm
 6fac9b4c061f4f4602586c986353172d  2008.0/i586/perl-SVN-devel-1.4.6-0.1mdv2008.0.i586.rpm
 5e8f67c21f67b90105beaf6104bf5190  2008.0/i586/python-svn-1.4.6-0.1mdv2008.0.i586.rpm
 e78ecf59828acd7af3c7063526f82c76  2008.0/i586/python-svn-devel-1.4.6-0.1mdv2008.0.i586.rpm
 1a7b5441ab5e443e410a9aefbc4e3435  2008.0/i586/ruby-svn-1.4.6-0.1mdv2008.0.i586.rpm
 52f1007346c2911077eebccd66c5a3ef  2008.0/i586/ruby-svn-devel-1.4.6-0.1mdv2008.0.i586.rpm
 3bcb28b4d850cd4675a71244fd752aef  2008.0/i586/subversion-1.4.6-0.1mdv2008.0.i586.rpm
 81e05e627d9c09aaf503a45d54b636a4  2008.0/i586/subversion-devel-1.4.6-0.1mdv2008.0.i586.rpm
 eb5af70ee51862cde7e85e6c891175af  2008.0/i586/subversion-doc-1.4.6-0.1mdv2008.0.i586.rpm
 4c45cfef462f13ba285bf68358dde747  2008.0/i586/subversion-server-1.4.6-0.1mdv2008.0.i586.rpm
 1cc20e97ecc78474e3bd715efb22d9bd  2008.0/i586/subversion-tools-1.4.6-0.1mdv2008.0.i586.rpm
 592799a80610eb351deb49f8bd5ea31b  2008.0/i586/svn-javahl-1.4.6-0.1mdv2008.0.i586.rpm
 2e41bd21eda3a5fdce88f6ebb95550ef  2008.0/i586/svn-javahl-javadoc-1.4.6-0.1mdv2008.0.i586.rpm 
 a7690f81b87fb9c56f6fd2656b63cc55  2008.0/SRPMS/subversion-1.4.6-0.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 d2dc1a7c23e265921b5e83e072dcb526  2008.0/x86_64/apache-mod_dav_svn-1.4.6-0.1mdv2008.0.x86_64.rpm
 1578ba8e81f5edaccb5b7480af024fa3  2008.0/x86_64/apache-mod_dontdothat-1.4.6-0.1mdv2008.0.x86_64.rpm
 b58016a752f50ac8aaa6d67726de623c  2008.0/x86_64/lib64svn0-1.4.6-0.1mdv2008.0.x86_64.rpm
 7ca88436f8cd2bc7321e12a6a02c2824  2008.0/x86_64/perl-SVN-1.4.6-0.1mdv2008.0.x86_64.rpm
 e382668163319e51c4bd2d9358044398  2008.0/x86_64/perl-SVN-devel-1.4.6-0.1mdv2008.0.x86_64.rpm
 90b0a44a6ab7f8e4327119c8106146fa  2008.0/x86_64/python-svn-1.4.6-0.1mdv2008.0.x86_64.rpm
 3d023a5d181b7763f8ffa22cf4c719f2  2008.0/x86_64/python-svn-devel-1.4.6-0.1mdv2008.0.x86_64.rpm
 7537fb41775f4a3a9ce1bcd1e7b8f864  2008.0/x86_64/ruby-svn-1.4.6-0.1mdv2008.0.x86_64.rpm
 8181a0346c21330e051e6b21ff7f427d  2008.0/x86_64/ruby-svn-devel-1.4.6-0.1mdv2008.0.x86_64.rpm
 40c011c5a55c79bfa511d45a70d49ca0  2008.0/x86_64/subversion-1.4.6-0.1mdv2008.0.x86_64.rpm
 41e25eea5b66b9e14fcfe5da71f74b59  2008.0/x86_64/subversion-devel-1.4.6-0.1mdv2008.0.x86_64.rpm
 87830dab8b9a81caa567808317eb3d4d  2008.0/x86_64/subversion-doc-1.4.6-0.1mdv2008.0.x86_64.rpm
 6b5f409f5e161a511595d511ec4f98b5  2008.0/x86_64/subversion-server-1.4.6-0.1mdv2008.0.x86_64.rpm
 bcb8d52a88a0dc5038695619d66bcb2d  2008.0/x86_64/subversion-tools-1.4.6-0.1mdv2008.0.x86_64.rpm
 466aa45fda5d8b6f5adc9cad6f82f9a1  2008.0/x86_64/svn-javahl-1.4.6-0.1mdv2008.0.x86_64.rpm
 d3e0dc4a1b890e198d3c20c54109435e  2008.0/x86_64/svn-javahl-javadoc-1.4.6-0.1mdv2008.0.x86_64.rpm 
 a7690f81b87fb9c56f6fd2656b63cc55  2008.0/SRPMS/subversion-1.4.6-0.1mdv2008.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLHTP6mqjQ0CJFipgRAvQ7AJ49r9UXZTqBgNHXad7MN1AcYpaKFACg8F4/
R5JDcgcV6fXLLTBYOmyclZk=
=RoF5
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ