Upgrade Subversion Now: Security Threat Identified

Subversion 1.6.4 and Subversion 1.5.7 were recently released because a security problem has been identified in all earlier versions of Subversion (SVN), i.e. all versions of Subversion prior to 1.5.7 and also Subversion 1.6.0-1.6.3.
The security problems are described in: http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt

For those of you who find descriptions like "heap overflow" a little hard to understand, the bottom line is that unless you upgrade to 1.5.7 or 1.6.4/5, hackers can upload a highly privileged program onto your Subversion server with the intent of doing harm or accessing your data. Once they have access to your server they can also exploit your client machines, so Subversion needs to be upgraded there too. The software skills required to do this hack are not particularly advanced, and although the security hole has been found and plugged, the vulnerability has been widely publicised.

The advice of Clearvision is to upgrade. If you are using Subversion 1.5.x, an upgrade to 1.5.7 is easy and quick. Alternatively, you can move to Subversion 1.6.5; it's the latest and greatest.

For further advice, Subversion Consulting, Subversion Training and Subversion Support, please contact Clearvision.
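
To audit servers and client machines against the version ranges given above, the following shell script is an added example, not part of the original advisory or Clearvision's material. The function name `svn_heap_overflow_status` is hypothetical, the sample versions are constructed, and treating release lines after 1.6 as patched is an assumption.

```shell
#!/bin/sh
# Added example: classify Subversion versions against the ranges this page gives
# for CVE-2009-2411 (vulnerable: anything before 1.5.7, and 1.6.0 through 1.6.3).

# Prints "vulnerable", "patched" or "unknown" for a version string such as
# "1.6.3", "1.5.6-dev" or "svnserve, version 1.6.4 (r38063)".
svn_heap_overflow_status() {
    parsed=$(printf '%s\n' "$1" | sed -n \
        's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
    if [ -z "$parsed" ]; then
        echo unknown
        return 0
    fi
    # Intentional word splitting: $1=major, $2=minor, $3=patch.
    set -- $parsed
    if [ "$1" -lt 1 ]; then echo vulnerable; return 0; fi
    if [ "$1" -gt 1 ]; then echo patched; return 0; fi
    if [ "$2" -lt 5 ]; then
        echo vulnerable
    elif [ "$2" -eq 5 ]; then
        if [ "$3" -lt 7 ]; then echo vulnerable; else echo patched; fi
    elif [ "$2" -eq 6 ]; then
        if [ "$3" -lt 4 ]; then echo vulnerable; else echo patched; fi
    else
        # Assumption: release lines after 1.6 postdate the fix.
        echo patched
    fi
}

# Report on whichever Subversion binaries are installed on this machine; the
# page says servers and clients both need the upgrade.
for tool in svn svnadmin; do
    if command -v "$tool" >/dev/null 2>&1; then
        found=$("$tool" --version --quiet 2>/dev/null || true)
        printf '%s %s: %s\n' "$tool" "$found" "$(svn_heap_overflow_status "$found")"
    fi
done

# Constructed sample versions, so the script shows output without svn installed.
for sample in 1.4.6 1.5.6 1.5.7 1.6.0 1.6.3 1.6.4 1.6.5; do
    printf 'sample %s: %s\n' "$sample" "$(svn_heap_overflow_status "$sample")"
done
```

Run it on every server and workstation that has Subversion installed; any line reporting `vulnerable` identifies a binary that still needs the upgrade.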



