[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1NHjnQ-00023I-TJ@titan.mandriva.com>
Date: Mon, 07 Dec 2009 21:03:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:199-1 ] subversion
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:199-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : subversion
Date : December 7, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in subversion:
Multiple integer overflows in the libsvn_delta library in Subversion
before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users
and remote Subversion servers to execute arbitrary code via an svndiff
stream with large windows that trigger a heap-based buffer overflow,
a related issue to CVE-2009-2412 (CVE-2009-2411).
This update provides a solution to this vulnerability and in turn
upgrades subversion where possible to provide additional features
and upstream bugfixes and adds required dependencies where needed.
Update:
Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2411
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
cd8730247a1f1b95cd6a5d0ccdb4d25e 2008.0/i586/apache-mod_dav_svn-1.4.6-0.1mdv2008.0.i586.rpm
8856d2f5d4002dcfc90bbe4d83d97467 2008.0/i586/apache-mod_dontdothat-1.4.6-0.1mdv2008.0.i586.rpm
5f827bc98c06636cc9309d870924eb00 2008.0/i586/libsvn0-1.4.6-0.1mdv2008.0.i586.rpm
8cbae8ef77447948e07a57c9f8d61264 2008.0/i586/perl-SVN-1.4.6-0.1mdv2008.0.i586.rpm
6fac9b4c061f4f4602586c986353172d 2008.0/i586/perl-SVN-devel-1.4.6-0.1mdv2008.0.i586.rpm
5e8f67c21f67b90105beaf6104bf5190 2008.0/i586/python-svn-1.4.6-0.1mdv2008.0.i586.rpm
e78ecf59828acd7af3c7063526f82c76 2008.0/i586/python-svn-devel-1.4.6-0.1mdv2008.0.i586.rpm
1a7b5441ab5e443e410a9aefbc4e3435 2008.0/i586/ruby-svn-1.4.6-0.1mdv2008.0.i586.rpm
52f1007346c2911077eebccd66c5a3ef 2008.0/i586/ruby-svn-devel-1.4.6-0.1mdv2008.0.i586.rpm
3bcb28b4d850cd4675a71244fd752aef 2008.0/i586/subversion-1.4.6-0.1mdv2008.0.i586.rpm
81e05e627d9c09aaf503a45d54b636a4 2008.0/i586/subversion-devel-1.4.6-0.1mdv2008.0.i586.rpm
eb5af70ee51862cde7e85e6c891175af 2008.0/i586/subversion-doc-1.4.6-0.1mdv2008.0.i586.rpm
4c45cfef462f13ba285bf68358dde747 2008.0/i586/subversion-server-1.4.6-0.1mdv2008.0.i586.rpm
1cc20e97ecc78474e3bd715efb22d9bd 2008.0/i586/subversion-tools-1.4.6-0.1mdv2008.0.i586.rpm
592799a80610eb351deb49f8bd5ea31b 2008.0/i586/svn-javahl-1.4.6-0.1mdv2008.0.i586.rpm
2e41bd21eda3a5fdce88f6ebb95550ef 2008.0/i586/svn-javahl-javadoc-1.4.6-0.1mdv2008.0.i586.rpm
a7690f81b87fb9c56f6fd2656b63cc55 2008.0/SRPMS/subversion-1.4.6-0.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
d2dc1a7c23e265921b5e83e072dcb526 2008.0/x86_64/apache-mod_dav_svn-1.4.6-0.1mdv2008.0.x86_64.rpm
1578ba8e81f5edaccb5b7480af024fa3 2008.0/x86_64/apache-mod_dontdothat-1.4.6-0.1mdv2008.0.x86_64.rpm
b58016a752f50ac8aaa6d67726de623c 2008.0/x86_64/lib64svn0-1.4.6-0.1mdv2008.0.x86_64.rpm
7ca88436f8cd2bc7321e12a6a02c2824 2008.0/x86_64/perl-SVN-1.4.6-0.1mdv2008.0.x86_64.rpm
e382668163319e51c4bd2d9358044398 2008.0/x86_64/perl-SVN-devel-1.4.6-0.1mdv2008.0.x86_64.rpm
90b0a44a6ab7f8e4327119c8106146fa 2008.0/x86_64/python-svn-1.4.6-0.1mdv2008.0.x86_64.rpm
3d023a5d181b7763f8ffa22cf4c719f2 2008.0/x86_64/python-svn-devel-1.4.6-0.1mdv2008.0.x86_64.rpm
7537fb41775f4a3a9ce1bcd1e7b8f864 2008.0/x86_64/ruby-svn-1.4.6-0.1mdv2008.0.x86_64.rpm
8181a0346c21330e051e6b21ff7f427d 2008.0/x86_64/ruby-svn-devel-1.4.6-0.1mdv2008.0.x86_64.rpm
40c011c5a55c79bfa511d45a70d49ca0 2008.0/x86_64/subversion-1.4.6-0.1mdv2008.0.x86_64.rpm
41e25eea5b66b9e14fcfe5da71f74b59 2008.0/x86_64/subversion-devel-1.4.6-0.1mdv2008.0.x86_64.rpm
87830dab8b9a81caa567808317eb3d4d 2008.0/x86_64/subversion-doc-1.4.6-0.1mdv2008.0.x86_64.rpm
6b5f409f5e161a511595d511ec4f98b5 2008.0/x86_64/subversion-server-1.4.6-0.1mdv2008.0.x86_64.rpm
bcb8d52a88a0dc5038695619d66bcb2d 2008.0/x86_64/subversion-tools-1.4.6-0.1mdv2008.0.x86_64.rpm
466aa45fda5d8b6f5adc9cad6f82f9a1 2008.0/x86_64/svn-javahl-1.4.6-0.1mdv2008.0.x86_64.rpm
d3e0dc4a1b890e198d3c20c54109435e 2008.0/x86_64/svn-javahl-javadoc-1.4.6-0.1mdv2008.0.x86_64.rpm
a7690f81b87fb9c56f6fd2656b63cc55 2008.0/SRPMS/subversion-1.4.6-0.1mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLHTP6mqjQ0CJFipgRAvQ7AJ49r9UXZTqBgNHXad7MN1AcYpaKFACg8F4/
R5JDcgcV6fXLLTBYOmyclZk=
=RoF5
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists