Scientific Linux Security Update : subversion on SL4.x, SL5.x i386/x86_64
High Nessus Plugin ID 60638
Synopsis: The remote Scientific Linux host is missing one or more security updates.
Description: CVE-2009-2411 subversion: multiple heap overflow issues
Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion (server and client) when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution. (CVE-2009-2411)
After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if that is what serves the repositories.
Solution: Update the affected packages.
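A post-update check for the restart step above, written here as an added example (it is not part of the Nessus plugin or the Scientific Linux advisory). It compares the rpm install time of the `subversion` package (which carries the libsvn libraries that both mod_dav_svn and svnserve load) with the start time of any running httpd or svnserve process; a process that started before the package was installed is still running the old code. The rpm query format, `ps -C`/`lstart`, GNU `date -d`, and the `/etc/httpd/conf*` layout are assumptions for a RHEL-style host.

```shell
#!/bin/sh
# Added example, not from the advisory: after updating subversion on a
# Scientific Linux / RHEL-style host, confirm that the serving processes
# (httpd with mod_dav_svn, or svnserve) were started AFTER the package was
# installed. Tool options and paths below are assumptions for such a host.

# pkg_install_epoch PKG: print the rpm INSTALLTIME (epoch seconds) of PKG,
# or nothing if the package is not installed.
pkg_install_epoch() {
    rpm -q --qf '%{INSTALLTIME}\n' "$1" 2>/dev/null | head -n 1
}

# proc_start_epoch NAME: print the earliest start time (epoch seconds) among
# running processes whose command name is NAME, or nothing if none runs.
proc_start_epoch() {
    ps -o lstart= -C "$1" 2>/dev/null | while read -r started; do
        date -d "$started" +%s 2>/dev/null
    done | sort -n | head -n 1
}

# needs_restart INSTALL_EPOCH START_EPOCH: succeed (exit 0) only when both
# values are known and the process started before the package install time,
# i.e. it still has the old binaries and libraries mapped.
needs_restart() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$2" -lt "$1" ]
}

# mod_dav_svn_enabled: succeed when an httpd config loads dav_svn_module
# (assumed RHEL-style configuration directories).
mod_dav_svn_enabled() {
    grep -rqs '^[[:space:]]*LoadModule[[:space:]]\{1,\}dav_svn_module' \
        /etc/httpd/conf /etc/httpd/conf.d
}

# verdict NAME INSTALL_EPOCH START_EPOCH: print one line and return 0 when
# NAME must be restarted, 1 otherwise. Free of rpm/ps calls so it can be
# exercised with constructed timestamps.
verdict() {
    if [ -z "$2" ]; then
        echo "$1: package install time unknown (package not installed?)"
        return 1
    elif [ -z "$3" ]; then
        echo "$1: not running, nothing to restart"
        return 1
    elif needs_restart "$2" "$3"; then
        echo "$1: RESTART REQUIRED (process started $(date -d "@$3" 2>/dev/null), package installed $(date -d "@$2" 2>/dev/null))"
        return 0
    else
        echo "$1: started after the package update, OK"
        return 1
    fi
}

# main: check both serving paths; exit 2 if anything still needs a restart.
main() {
    rc=0
    inst=$(pkg_install_epoch subversion)
    if mod_dav_svn_enabled; then
        verdict httpd "$inst" "$(proc_start_epoch httpd)" && rc=2
    else
        echo "httpd: mod_dav_svn not loaded, skipping"
    fi
    verdict svnserve "$inst" "$(proc_start_epoch svnserve)" && rc=2
    return $rc
}

# The live check runs only when invoked as "sh svn_restart_check.sh check",
# so the functions can also be sourced and tested with constructed values.
if [ "${1:-}" = "check" ]; then
    main
fi
```

Run it as `sh svn_restart_check.sh check` after `yum update subversion`; a non-zero exit (2) means at least one process is still serving with the pre-update libraries and should be restarted with `service httpd restart` or `service svnserve restart`.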