mod_dav_svn, subversion security update

CentOS Errata and Security Advisory CESA-2009:1203

Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes.

Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion
(server and client) when parsing binary deltas. A malicious user with
commit access to a server could use these flaws to cause a heap overflow on
that server. A malicious server could use these flaws to cause a heap
overflow on a client when it attempts to checkout or update. These heap
overflows can result in a crash or, possibly, arbitrary code execution.
(CVE-2009-2411)

All Subversion users should upgrade to these updated packages, which
contain a backported patch to correct these issues. After installing the
updated packages, the Subversion server must be restarted for the update
to take effect: restart httpd if you are using mod_dav_svn, or restart
svnserve if it is used.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-August/078232.html
https://lists.centos.org/pipermail/centos-announce/2009-August/078233.html

Affected packages:
mod_dav_svn
subversion
subversion-devel
subversion-javahl
subversion-perl
subversion-ruby

Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1203