Web Software Architecture and Engineering – Life on the Bleeding Edge

Subversion 1.6.4 has been released to fix a vulnerability.
Version 1.6.4
(06 Aug 2009, from /branches/1.6.x)
http://svn.collab.net/repos/svn/tags/1.6.4

User-visible changes:
* fixed: heap overflow vulnerability on server and client
See CVE-2009-2411, and descriptive advisory at
http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt

More details below.

Subversion 1.6.4 has been released, available from:

    http://subversion.tigris.org/downloads/subversion-1.6.4.tar.bz2

    http://subversion.tigris.org/downloads/subversion-1.6.4.tar.gz

    http://subversion.tigris.org/downloads/subversion-1.6.4.zip

    http://subversion.tigris.org/downloads/subversion-deps-1.6.4.tar.bz2

    http://subversion.tigris.org/downloads/subversion-deps-1.6.4.tar.gz

    http://subversion.tigris.org/downloads/subversion-deps-1.6.4.zip

 

THIS IS A SECURITY RELEASE, addressing the issue
described at:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2411

The CVE page may not be public yet when you read this,
but will be soon.

The full text of the advisory is available at:

    http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt

This security issue affects both clients and servers.
Clients with commit access to a vulnerable server can
cause a remote heap overflow.  Servers can cause a heap
overflow on vulnerable clients that try to do a checkout
or update.  Subversion 1.6.4 differs from 1.6.4 only in
the fix for this issue.  Upgrading to Subversion 1.6.4
(or Subversion 1.5.7, released simultaneously) is
therefore strongly recommended for Subversion client and
server installations on all platforms.

Release notes for the 1.6.x release series may be found
at:

    http://subversion.tigris.org/svn_1.6_releasenotes.html

You can find the list of changes between 1.6.4 and
earlier versions at:

    http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES
 
