Mandriva Linux Security Advisory 2009-199 - Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412. This update provides a solution to this vulnerability and in turn upgrades subversion where possible to provide additional features and upstream bugfixes and adds required dependencies where needed. Packages for 2008.0 are being provided due to extended support for Corporate products.
35f14e547986c134bc886a49f42bf2925249db96e8091e085536465b0d77f8fdGentoo Linux Security Advisory GLSA 200908-05 - Multiple integer overflows, leading to heap-based buffer overflows in the Subversion client and server might allow remote attackers to execute arbitrary code. Matt Lewis of Google reported multiple integer overflows in the libsvn_delta library, possibly leading to heap-based buffer overflows. Versions less than 1.6.4 are affected.
d43f69725d63bd8f7091d436ccc1cfea30581f616138c0d0af38760567e35a80SUSE Security Announcement - The ibsvn_delta library in Subversion is vulnerable to integer overflows while processing svndiff streams, this leads to overflows on the heap because of insufficient memory allocation.
6a78b4f37e3feb3c74472559d5038b900e35177e18a1264f90125966092d0cebMandriva Linux Security Advisory 2009-199 - Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412. This update provides a solution to this vulnerability and in turn upgrades subversion where possible to provide additional features and upstream bugfixes and adds required dependencies where needed.
e7c8680397a5a724be5728da7c103481f932ceb85a6f31653c8bf3d83e2c9004Debian Security Advisory 1855-1 - Matt Lewis discovered that Subversion performs insufficient input validation of svndiff streams. Malicious servers could cause heap overflows in clients, and malicious clients with commit access could cause heap overflows in servers, possibly leading to arbitrary code execution in both cases.
091c4e138fbb96dbc2b240742cf04167bc31fcdc55cede5205d2d8a15b5c237dSubversion clients and servers, versions 1.6.0 through 1.6.3 and all versions prior to 1.5.7 suffer from several heap overflow vulnerabilities.
5fb21fd196a47fa32c9f15781dc6291a103c336a288af6ec506249d1ea6ca4a5Ubuntu Security Notice USN-812-1 - Matt Lewis discovered that Subversion did not properly sanitize its input when processing svndiff streams, leading to various integer and heap overflows. If a user or automated system processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user processing the input.
b2b70a6cc53f98c6c6f9466fe8dfaecbc0c3b541bca84dc872d67c477b1ef983
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed