SuSE Security Advisory SUSE-SA:2009:044 (subversion) Network Vulnerability

Summary

The remote host is missing updates announced in advisory SUSE-SA:2009:044.

Solution

Update your system with the packages as indicated in the referenced security advisory. https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:044

Insight

Subversion is a revision control system, which is mainly used for code development. The ibsvn_delta library is vulnerable to integer overflows while processing svndiff streams, this leads to overflows on the heap because of insufficient memory allocation. This bug can be exploited by clients with commit access to cause a remote denial-of-service or arbitrary code execution. It can also be exploited in the other direction from a server to a client that tries to do a checkout or update.

Severity

Classification

CVE CVE-2009-2411, CVE-2009-2666
CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C

Related Vulnerabilities

SLES10: Security update for Mozilla
SLES10: Security update for Mozilla Firefox
SLES10: Security update for IBM Java
SLES10: Security update for Linux kernel
SLES10: Security update for nagios

Take action and discover your vulnerabilities