Holes closed in Subversion version control system
New versions of the Subversion version management system fix vulnerabilities in the client and server which could allow an attacker to gain control of a system. The problems are caused by multiple heap overflows in the libsvn_delta library, which may occur when the library is parsing difference data streams (binary deltas). According to the developers, a client with commit access can cause a remote heap overflow on the server, and a server can cause a heap overflow on clients that attempt a checkout or update.
Subversion releases up to and including 1.5.6 and from 1.6.0 to 1.6.3 are affected. The developers have released updates as Subversion 1.6.4 and 1.5.7 with the errors corrected. Linux distributors are already shipping updated packages, and a source code patch is also available.
The error is related to an integer overflow in the Apache Portable Runtime (APR) on which Subversion is based. Patches for APR are already available.
- Subversion clients and servers up to 1.6.3 (inclusive) have heap overflow issues in the parsing of binary deltas, advisory from Subversion.