subversion: Security issues (CVE-2016-2167, CVE-2016-2168)
CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm
svnserve, the svn:// protocol server, can optionally use the Cyrus SASL
library for authentication, integrity protection, and encryption.
Due to a programming oversight, authentication against Cyrus SASL would
permit the remote user to specify a realm string which is a prefix of
the expected realm string.
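The following is an added illustration of the bug class described above, not Subversion's own code: a realm check that bounds the comparison by the client-supplied length accepts any prefix of the configured realm, while an exact comparison does not. The function names, the realm "example.org" and the probe values are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model of the CVE-2016-2167 defect class, not svnserve code.
 * Vulnerable form: the comparison is limited to the length of the realm the
 * client sent, so "example", "ex" and even "" all match "example.org". */
bool realm_matches_prefix(const char *client_realm, const char *expected_realm)
{
    return strncmp(client_realm, expected_realm, strlen(client_realm)) == 0;
}

/* Hardened form: the client realm must equal the expected realm byte for byte. */
bool realm_matches_exact(const char *client_realm, const char *expected_realm)
{
    return strcmp(client_realm, expected_realm) == 0;
}

typedef bool (*realm_cmp_fn)(const char *, const char *);

/* Counts how many constructed client realm values the given comparison would
 * accept against the expected realm "example.org". Only the first probe is
 * the genuine realm; a correct check accepts exactly one. */
int count_accepted(realm_cmp_fn cmp)
{
    static const char *const expected = "example.org";
    static const char *const probes[] = {
        "example.org",      /* genuine realm */
        "example",          /* proper prefix */
        "ex",               /* proper prefix */
        "",                 /* empty string is a prefix of everything */
        "example.org.evil", /* longer than expected: not a prefix */
        "other.org"         /* unrelated realm */
    };
    int accepted = 0;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        if (cmp(probes[i], expected))
            accepted++;
    return accepted;
}

int main(void)
{
    printf("prefix comparison accepts %d of 6 probes\n", count_accepted(realm_matches_prefix));
    printf("exact comparison accepts  %d of 6 probes\n", count_accepted(realm_matches_exact));
    return 0;
}
```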
Fixed In Version:
Subversion 1.8.16
Subversion 1.9.4
References:
https://subversion.apache.org/security/CVE-2016-2167-advisory.txt
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2167
CVE-2016-2168: DoS in mod_authz_svn during COPY/MOVE authorization check
Subversion’s httpd servers are vulnerable to a remotely triggerable
crash in the mod_authz_svn module. The crash can occur during an
authorization check for a COPY or MOVE request with a specially crafted
header value. This allows remote attackers to cause a denial of service.
Fixed In Version:
Subversion 1.8.16
Subversion 1.9.4
References:
https://subversion.apache.org/security/CVE-2016-2168-advisory.txt
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2168
(from redmine: issue id 5526, created on 2016-05-02, closed on 2016-06-15)
- Relations:
- child #5527 (closed)
- child #5528 (closed)
- child #5529 (closed)
- child #5530 (closed)
- child #5531 (closed)