Fedora Local Security Checks : Fedora Core 2 FEDORA-2004-166 (subversion)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.50377

Category: Fedora Local Security Checks

Title: Fedora Core 2 FEDORA-2004-166 (subversion)

Summary: NOSUMMARY

Description: Description:

The remote host is missing an update to subversion
announced via advisory FEDORA-2004-166.

Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.

Update Information:

A heap overflow vulnerability was discovered in the svn:// protocol
handling library, libsvn_ra_svn. If using the svnserve daemon,
an unauthenticated client may be able execute arbitrary code as
the user the daemon runs as. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-0413.

This issue does not affect the mod_dav_svn module.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

453a16f649e7b5ff502d6379253bbb05 SRPMS/subversion-1.0.4-2.src.rpm
746cc7b03fe3e4b02f7374b8a03850ad i386/subversion-1.0.4-2.i386.rpm
1dd7fd91e468d7af15e1d253c7ef1f08 i386/subversion-devel-1.0.4-2.i386.rpm
05adf7825b9d708c9eba80f359fa33d7 i386/mod_dav_svn-1.0.4-2.i386.rpm
09a54699d17c43dc7f0e585acea64455 i386/subversion-perl-1.0.4-2.i386.rpm
7c5040ab4f0cf6c5305d8edb686c0b5c i386/debug/subversion-debuginfo-1.0.4-2.i386.rpm
640cafcc4e668e1ddf643d10d743e411 x86_64/subversion-1.0.4-2.x86_64.rpm
8140bffe9f94215a83ae2154e4f57c87 x86_64/subversion-devel-1.0.4-2.x86_64.rpm
939e83497404a0a0d4076b33329da3b5 x86_64/mod_dav_svn-1.0.4-2.x86_64.rpm
02c26dbdd27506b6bb7193abe3be7197 x86_64/subversion-perl-1.0.4-2.x86_64.rpm
7ed77899f4912048dececb765d091541 x86_64/debug/subversion-debuginfo-1.0.4-2.x86_64.rpm

This update can also be installed with the Update Agent
you can
launch the Update Agent with the 'up2date' command.

Solution: Apply the appropriate updates.
http://www.fedoranews.org/updates/FEDORA-2004-166.shtml

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: BugTraq ID: 10519
Common Vulnerability Exposure (CVE) ID: CVE-2004-0413
http://www.securityfocus.com/bid/10519
Bugtraq: 20041012 [FMADV] Subversion <= 1.04 Heap Overflow (Google Search)
http://www.securityfocus.com/archive/1/365836
http://www.securityfocus.com/advisories/6847
https://bugzilla.fedora.us/show_bug.cgi?id=1748
http://www.gentoo.org/security/en/glsa/glsa-200406-07.xml
SuSE Security Announcement: SuSE-SA:2004:018 (Google Search)
http://www.novell.com/linux/security/advisories/2004_18_subversion.html
XForce ISS Database: subversion-svn-bo(16396)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16396

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.50377
Category:	Fedora Local Security Checks
Title:	Fedora Core 2 FEDORA-2004-166 (subversion)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to subversion announced via advisory FEDORA-2004-166. Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. Update Information: A heap overflow vulnerability was discovered in the svn:// protocol handling library, libsvn_ra_svn. If using the svnserve daemon, an unauthenticated client may be able execute arbitrary code as the user the daemon runs as. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0413. This issue does not affect the mod_dav_svn module. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 453a16f649e7b5ff502d6379253bbb05 SRPMS/subversion-1.0.4-2.src.rpm 746cc7b03fe3e4b02f7374b8a03850ad i386/subversion-1.0.4-2.i386.rpm 1dd7fd91e468d7af15e1d253c7ef1f08 i386/subversion-devel-1.0.4-2.i386.rpm 05adf7825b9d708c9eba80f359fa33d7 i386/mod_dav_svn-1.0.4-2.i386.rpm 09a54699d17c43dc7f0e585acea64455 i386/subversion-perl-1.0.4-2.i386.rpm 7c5040ab4f0cf6c5305d8edb686c0b5c i386/debug/subversion-debuginfo-1.0.4-2.i386.rpm 640cafcc4e668e1ddf643d10d743e411 x86_64/subversion-1.0.4-2.x86_64.rpm 8140bffe9f94215a83ae2154e4f57c87 x86_64/subversion-devel-1.0.4-2.x86_64.rpm 939e83497404a0a0d4076b33329da3b5 x86_64/mod_dav_svn-1.0.4-2.x86_64.rpm 02c26dbdd27506b6bb7193abe3be7197 x86_64/subversion-perl-1.0.4-2.x86_64.rpm 7ed77899f4912048dececb765d091541 x86_64/debug/subversion-debuginfo-1.0.4-2.x86_64.rpm This update can also be installed with the Update Agent you can launch the Update Agent with the 'up2date' command. Solution: Apply the appropriate updates. http://www.fedoranews.org/updates/FEDORA-2004-166.shtml Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	BugTraq ID: 10519 Common Vulnerability Exposure (CVE) ID: CVE-2004-0413 http://www.securityfocus.com/bid/10519 Bugtraq: 20041012 [FMADV] Subversion <= 1.04 Heap Overflow (Google Search) http://www.securityfocus.com/archive/1/365836 http://www.securityfocus.com/advisories/6847 https://bugzilla.fedora.us/show_bug.cgi?id=1748 http://www.gentoo.org/security/en/glsa/glsa-200406-07.xml SuSE Security Announcement: SuSE-SA:2004:018 (Google Search) http://www.novell.com/linux/security/advisories/2004_18_subversion.html XForce ISS Database: subversion-svn-bo(16396) https://exchange.xforce.ibmcloud.com/vulnerabilities/16396
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com