USN-812-1: Subversion vulnerability

view full story

http://www.ubuntu.com – Referenced CVEs:  CVE-2009-2411 Description:  =========================================================== Ubuntu Security Notice USN-812-1 August 08, 2009 subversion vulnerability CVE-2009-2411 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libsvn0 1.3.1-3ubuntu1.2 Ubuntu 8.04 LTS: libsvn1 1.4.6dfsg1-2ubuntu1.1 Ubuntu 8.10: libsvn1 1.5.1dfsg1-1ubuntu2.1 Ubuntu 9.04: libsvn1 1.5.4dfsg1-1ubuntu2.1 After a standard system upgrade you need to restart any applications that use Subversion, such as Apache when using mod_dav_svn, to effect the necessary changes. Details follow: Matt Lewis discovered that Subversion did not properly sanitize its input when processing svndiff streams, leading to various integer and heap overflows. If a user or automated system processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user processing the input. (Distributions)