Sicherheit: Zahlenüberläufe in subversion

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1260216389-24326-1793

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:199-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : subversion
Date : December 7, 2009
Affected: 2008.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in subversion:

Multiple integer overflows in the libsvn_delta library in Subversion
before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users
and remote Subversion servers to execute arbitrary code via an svndiff
stream with large windows that trigger a heap-based buffer overflow,
a related issue to CVE-2009-2412 (CVE-2009-2411).

This update provides a solution to this vulnerability and in turn
upgrades subversion where possible to provide additional features
and upstream bugfixes and adds required dependencies where needed.

Update:

Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2411
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
cd8730247a1f1b95cd6a5d0ccdb4d25e
2008.0/i586/apache-mod_dav_svn-1.4.6-0.1mdv2008.0.i586.rpm
8856d2f5d4002dcfc90bbe4d83d97467
2008.0/i586/apache-mod_dontdothat-1.4.6-0.1mdv2008.0.i586.rpm
5f827bc98c06636cc9309d870924eb00
2008.0/i586/libsvn0-1.4.6-0.1mdv2008.0.i586.rpm
8cbae8ef77447948e07a57c9f8d61264
2008.0/i586/perl-SVN-1.4.6-0.1mdv2008.0.i586.rpm
6fac9b4c061f4f4602586c986353172d
2008.0/i586/perl-SVN-devel-1.4.6-0.1mdv2008.0.i586.rpm
5e8f67c21f67b90105beaf6104bf5190
2008.0/i586/python-svn-1.4.6-0.1mdv2008.0.i586.rpm
e78ecf59828acd7af3c7063526f82c76
2008.0/i586/python-svn-devel-1.4.6-0.1mdv2008.0.i586.rpm
1a7b5441ab5e443e410a9aefbc4e3435
2008.0/i586/ruby-svn-1.4.6-0.1mdv2008.0.i586.rpm
52f1007346c2911077eebccd66c5a3ef
2008.0/i586/ruby-svn-devel-1.4.6-0.1mdv2008.0.i586.rpm
3bcb28b4d850cd4675a71244fd752aef
2008.0/i586/subversion-1.4.6-0.1mdv2008.0.i586.rpm
81e05e627d9c09aaf503a45d54b636a4
2008.0/i586/subversion-devel-1.4.6-0.1mdv2008.0.i586.rpm
eb5af70ee51862cde7e85e6c891175af
2008.0/i586/subversion-doc-1.4.6-0.1mdv2008.0.i586.rpm
4c45cfef462f13ba285bf68358dde747
2008.0/i586/subversion-server-1.4.6-0.1mdv2008.0.i586.rpm
1cc20e97ecc78474e3bd715efb22d9bd
2008.0/i586/subversion-tools-1.4.6-0.1mdv2008.0.i586.rpm
592799a80610eb351deb49f8bd5ea31b
2008.0/i586/svn-javahl-1.4.6-0.1mdv2008.0.i586.rpm
2e41bd21eda3a5fdce88f6ebb95550ef
2008.0/i586/svn-javahl-javadoc-1.4.6-0.1mdv2008.0.i586.rpm
a7690f81b87fb9c56f6fd2656b63cc55
2008.0/SRPMS/subversion-1.4.6-0.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
d2dc1a7c23e265921b5e83e072dcb526
2008.0/x86_64/apache-mod_dav_svn-1.4.6-0.1mdv2008.0.x86_64.rpm
1578ba8e81f5edaccb5b7480af024fa3
2008.0/x86_64/apache-mod_dontdothat-1.4.6-0.1mdv2008.0.x86_64.rpm
b58016a752f50ac8aaa6d67726de623c
2008.0/x86_64/lib64svn0-1.4.6-0.1mdv2008.0.x86_64.rpm
7ca88436f8cd2bc7321e12a6a02c2824
2008.0/x86_64/perl-SVN-1.4.6-0.1mdv2008.0.x86_64.rpm
e382668163319e51c4bd2d9358044398
2008.0/x86_64/perl-SVN-devel-1.4.6-0.1mdv2008.0.x86_64.rpm
90b0a44a6ab7f8e4327119c8106146fa
2008.0/x86_64/python-svn-1.4.6-0.1mdv2008.0.x86_64.rpm
3d023a5d181b7763f8ffa22cf4c719f2
2008.0/x86_64/python-svn-devel-1.4.6-0.1mdv2008.0.x86_64.rpm
7537fb41775f4a3a9ce1bcd1e7b8f864
2008.0/x86_64/ruby-svn-1.4.6-0.1mdv2008.0.x86_64.rpm
8181a0346c21330e051e6b21ff7f427d
2008.0/x86_64/ruby-svn-devel-1.4.6-0.1mdv2008.0.x86_64.rpm
40c011c5a55c79bfa511d45a70d49ca0
2008.0/x86_64/subversion-1.4.6-0.1mdv2008.0.x86_64.rpm
41e25eea5b66b9e14fcfe5da71f74b59
2008.0/x86_64/subversion-devel-1.4.6-0.1mdv2008.0.x86_64.rpm
87830dab8b9a81caa567808317eb3d4d
2008.0/x86_64/subversion-doc-1.4.6-0.1mdv2008.0.x86_64.rpm
6b5f409f5e161a511595d511ec4f98b5
2008.0/x86_64/subversion-server-1.4.6-0.1mdv2008.0.x86_64.rpm
bcb8d52a88a0dc5038695619d66bcb2d
2008.0/x86_64/subversion-tools-1.4.6-0.1mdv2008.0.x86_64.rpm
466aa45fda5d8b6f5adc9cad6f82f9a1
2008.0/x86_64/svn-javahl-1.4.6-0.1mdv2008.0.x86_64.rpm
d3e0dc4a1b890e198d3c20c54109435e
2008.0/x86_64/svn-javahl-javadoc-1.4.6-0.1mdv2008.0.x86_64.rpm
a7690f81b87fb9c56f6fd2656b63cc55
2008.0/SRPMS/subversion-1.4.6-0.1mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLHTP6mqjQ0CJFipgRAvQ7AJ49r9UXZTqBgNHXad7MN1AcYpaKFACg8F4/
R5JDcgcV6fXLLTBYOmyclZk=
=RoF5
-----END PGP SIGNATURE-----

------------=_1260216389-24326-1793
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1260216389-24326-1793--