Summary
The remote host is missing an update to subversion announced via advisory MDVSA-2009:199.
Solution
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:199
Insight
A vulnerability has been found and corrected in subversion:
Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412 (CVE-2009-2411).
This update provides a solution to this vulnerability and in turn upgrades subversion where possible to provide additional features and upstream bugfixes and adds required dependencies where needed.
Affected: 2008.1, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0
Severity
Classification
-
CVE CVE-2009-2411, CVE-2009-2412 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities