[SECURITY] Fedora Core 2 Update: subversion-1.0.4-2

Joe Orton jorton at redhat.com
Fri Jun 11 19:20:32 UTC 2004


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-166
2004-06-11
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : subversion
Version     : 1.0.4                      
Release     : 2                  
Summary     : Modern Version Control System designed to replace CVS
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes.  Subversion only stores the differences between versions,
instead of every complete file.  Subversion is intended to be a
compelling replacement for CVS.

---------------------------------------------------------------------
Update Information:

A heap overflow vulnerability was discovered in the svn:// protocol
handling library, libsvn_ra_svn.  If using the svnserve daemon,
an unauthenticated client may be able execute arbitrary code as
the user the daemon runs as.  The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0413.

This issue does not affect the mod_dav_svn module.

---------------------------------------------------------------------
* Mon Jun 07 2004 Joe Orton <jorton at redhat.com> 1.0.4-2

- add ra_svn security fix for CVE CAN-2004-0413 (Ben Reser)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

453a16f649e7b5ff502d6379253bbb05  SRPMS/subversion-1.0.4-2.src.rpm
746cc7b03fe3e4b02f7374b8a03850ad  i386/subversion-1.0.4-2.i386.rpm
1dd7fd91e468d7af15e1d253c7ef1f08  i386/subversion-devel-1.0.4-2.i386.rpm
05adf7825b9d708c9eba80f359fa33d7  i386/mod_dav_svn-1.0.4-2.i386.rpm
09a54699d17c43dc7f0e585acea64455  i386/subversion-perl-1.0.4-2.i386.rpm
7c5040ab4f0cf6c5305d8edb686c0b5c  i386/debug/subversion-debuginfo-1.0.4-2.i386.rpm
640cafcc4e668e1ddf643d10d743e411  x86_64/subversion-1.0.4-2.x86_64.rpm
8140bffe9f94215a83ae2154e4f57c87  x86_64/subversion-devel-1.0.4-2.x86_64.rpm
939e83497404a0a0d4076b33329da3b5  x86_64/mod_dav_svn-1.0.4-2.x86_64.rpm
02c26dbdd27506b6bb7193abe3be7197  x86_64/subversion-perl-1.0.4-2.x86_64.rpm
7ed77899f4912048dececb765d091541  x86_64/debug/subversion-debuginfo-1.0.4-2.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/announce/attachments/20040611/a39c54a6/attachment.bin 


More information about the announce mailing list