LinuxSecurity.com
Fedora 10 Update: subversion-1.6.4-2.fc10
Posted by Benjamin D. Thomas   
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-8432
2009-08-10 21:15:14
--------------------------------------------------------------------------------

Name        : subversion
Product     : Fedora 10
Version     : 1.6.4
Release     : 2.fc10
URL         : http://subversion.tigris.org/
Summary     : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes.  Subversion only stores the differences between versions,
instead of every complete file.  Subversion is intended to be a
compelling replacement for CVS.

--------------------------------------------------------------------------------
Update Information:

This update includes the latest stable release of Subversion, including several
enhancements, many bug fixes, and a fix for a security issue:

Matt Lewis reported multiple heap overflow flaws in Subversion (servers and
clients) when parsing binary deltas. Malicious users with commit access to a
vulnerable server could use these flaws to cause a heap overflow on the server
running Subversion. A malicious Subversion server could use these flaws to cause
a heap overflow on vulnerable clients when they attempt to checkout or update,
resulting in a crash or, possibly, arbitrary code execution on the vulnerable
client. (CVE-2009-2411)

Version 1.6 offers many bug fixes and enhancements over 1.5, with the notable
major features:

- identical files share storage space in repository
- file-externals support for intra-repository files
- "tree" conflicts now handled more gracefully
- repository root relative URL support on most commands

For more information on changes in 1.6, see the release notes:
http://subversion.tigris.org/svn_1.6_releasenotes.html

This update includes the latest release of Subversion, version 1.6.2.

Version 1.6 offers many bug fixes and enhancements over 1.5, with the notable
major features:

* identical files share storage space in repository
* file-externals support for intra-repository files
* "tree" conflicts now handled more gracefully
* repository root relative URL support on most commands
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug  7 2009 Joe Orton  1.6.4-2
- update to 1.6.4
* Thu May 28 2009 Joe Orton  1.6.2-2.fc10
- update to 1.6.2 (#500933, #469524)
* Fri Jan 30 2009 Joe Orton  1.5.5-4.fc10
- rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #514744 - CVE-2009-2411 subversion: integer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=514744
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update subversion' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
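
To confirm which Fedora 10 hosts still run a build older than the fixed 1.6.4-2.fc10, the following added example (not part of the Fedora advisory) compares installed name-version-release strings against it, using a simplified form of RPM's segment-wise version ordering. The host names, the inventory and the watched package set are constructed assumptions; epochs and `~` handling are not covered.

```python
import re

FIXED = ("1.6.4", "2.fc10")  # fixed build named in FEDORA-2009-8432
# Assumption: binary packages built from the subversion source package.
WATCHED = {"subversion", "subversion-devel", "mod_dav_svn"}

def seg_cmp(a, b):
    """Simplified rpmvercmp: compare digit/letter segments left to right."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # 10 > 4, unlike string order
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats letters
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # more segments wins

def split_nvr(nvr):
    """'subversion-devel-1.6.2-2.fc10' -> ('subversion-devel','1.6.2','2.fc10')"""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def needs_update(nvr, fixed=FIXED):
    """True if the package's version-release sorts before the fixed build."""
    _, version, release = split_nvr(nvr)
    c = seg_cmp(version, fixed[0])
    if c == 0:
        c = seg_cmp(release, fixed[1])
    return c < 0

def audit(inventory):
    """Map each host to its watched packages that predate the fix."""
    report = {}
    for host, packages in inventory.items():
        stale = sorted(p for p in packages
                       if split_nvr(p)[0] in WATCHED and needs_update(p))
        if stale:
            report[host] = stale
    return report

# Constructed inventory, e.g. gathered per host with
# rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
SAMPLE_INVENTORY = {
    "build01": ["subversion-1.5.5-4.fc10", "mod_dav_svn-1.5.5-4.fc10"],
    "dev02": ["subversion-1.6.4-2.fc10"],
    "ci03": ["subversion-devel-1.6.2-2.fc10", "bash-3.2-29.fc10"],
}

if __name__ == "__main__":
    for host, stale in audit(SAMPLE_INVENTORY).items():
        print(host, "needs 'yum update subversion':", ", ".join(stale))
```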
--------------------------------------------------------------------------------
