Gentoo Security Advisory GLSA 200405-14 (subversion) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200405-14.

Solution

All Subversion users should upgrade to the latest stable version: # emerge sync # emerge -pv '>=dev-util/subversion-1.0.3' # emerge '>=dev-util/subversion-1.0.3' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200405-14 http://bugs.gentoo.org/show_bug.cgi?id=51462 http://subversion.tigris.org/servlets/ReadMsg?list=announce&msgNo=125 http://security.e-matters.de/advisories/082004.html

Insight

There is a vulnerability in the Subversion date parsing code which may lead to denial of service attacks, or execution of arbitrary code. Both the client and server are vulnerable.

Severity

Classification

CVE CVE-2004-0397

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200405-12 (cvs)
Gentoo Security Advisory GLSA 200409-15 (Usermin)
Gentoo Security Advisory GLSA 200408-23 (kdelibs)
Gentoo Security Advisory GLSA 200311-08 (Libnids)
Gentoo Security Advisory GLSA 200405-24 (mplayer)

Take action and discover your vulnerabilities