FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-2411

This CVE name corresponds to:

Entered Topic
2009-08-06 subversion -- heap overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2009-2411
Phase Assigned (20090709)

Description

Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.

References

Source Reference
BUGTRAQ 20090807 Subversion heap overflow
MLIST [dev] 20090806 Patch to 1.4.x branch for CVE-2009-2411
MLIST [dev] 20090806 Subversion 1.5.7 Released
MLIST [dev] 20090806 Subversion 1.6.4 Released
CONFIRM http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
CONFIRM http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES
CONFIRM http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES
CONFIRM http://support.apple.com/kb/HT3937
APPLE APPLE-SA-2009-11-09-1
DEBIAN DSA-1855
FEDORA FEDORA-2009-8432
FEDORA FEDORA-2009-8449
MANDRIVA MDVSA-2009:199
REDHAT RHSA-2009:1203
UBUNTU USN-812-1
BID 35983
OSVDB 56856
OVAL oval:org.mitre.oval:def:11465
SECTRACK 1022697
SECUNIA 36184
SECUNIA 36224
SECUNIA 36232
SECUNIA 36257
SECUNIA 36262
VUPEN ADV-2009-2180
VUPEN ADV-2009-3184