Fedora 11 Update: subversion-1.6.4-2.fc11
Summary
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.
Update Information:
This update includes the latest stable release of Subversion, fixing many bugs and a security issue: Matt Lewis reported multiple heap overflow flaws in Subversion (servers and clients) when parsing binary deltas. Malicious userswith commit access to a vulnerable server could uses these flaws to cause a heap overflow on the server running Subversion. A malicious Subversion server could use these flaws to cause a heap overflow on vulnerable clients when they attempt to checkout or update, resulting in a crash or, possibly, arbitrary code execution on the vulnerable client. (CVE-2009-2411) This update also adds support for storing passwords in the GNOME Keyring or KDE Wallet, via the new subversion-gnome and subversion-kde subpackages. For more details of the bug fixes included in this update, see: http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES
Change Log
* Fri Aug 7 2009 Joe Orton
References
[ 1 ] Bug #514744 - CVE-2009-2411 subversion: integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=514744
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update subversion' at the command line. For more information, refer to "Managing Software with yum", available at .