Posted May 19, 2004

Subversion 1.0.3 Upgrade Now

      

The Subversion development team has released version 1.0.3. This is a security bugfix release and the team suggests all Subversion users upgrade... now!

"Subversion versions up to and including 1.0.2 have a buffer overflow in the date parsing code.

Both client and server are vulnerable. The server is vulnerable over both httpd/DAV and svnserve (that is, over http://, https://, svn://, svn+ssh:// and other tunneled svn+*:// methods).

Additionally, clients with shared working copies, or permissions that allow files in the administrative area of the working copy to be written by other users, are potentially exploitable.

Severity:
=========

Severity ranges from "Denial of Service" to, potentially, "Arbitrary Code Execution", depending upon how skilled the attacker is and the ABI specifics of your platform.

The server vulnerabilities can be triggered without write/commit access to the repository. So repositories with anonymous/public read access are vulnerable.

Workarounds:
============

There are no workarounds except to disallow public access. Even then you'd still be vulnerable to attack by someone who still has access (perhaps you trust those people, though).

Recommendations:
================

We recommend all users upgrade to 1.0.3."

Copyrighted (c) 2009, but we're happy to let you use what you wish with attribution. OSDir.com