Solution
Please Install the Updated Packages.
Insight
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion (server and client) when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution.
(CVE-2009-2411)
All Subversion users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.
Affected
mod_dav_svn on CentOS 5
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-2411 -
CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C
Related Vulnerabilities