Summary
The remote host is missing updates announced in advisory SUSE-SA:2009:044.
Solution
Update your system with the packages as indicated in the referenced security advisory.
https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:044
Insight
Subversion is a revision control system, which is mainly used for code development.
The libsvn_delta library is vulnerable to integer overflows while processing svndiff streams; these lead to overflows on the heap because of insufficient memory allocation.
This bug can be exploited by clients with commit access to cause a remote denial-of-service or arbitrary code execution.
It can also be exploited in the other direction from a server to a client that tries to do a checkout or update.
Severity
Classification
CVE: CVE-2009-2411, CVE-2009-2666
CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C
Related Vulnerabilities