[3.4] subversion: Security issues (CVE-2016-2167, CVE-2016-2168)
CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm
svnserve, the svn:// protocol server, can optionally use the Cyrus SASL
library for authentication, integrity protection, and encryption.
Due to a programming oversight, authentication against Cyrus SASL would
permit the remote user to specify a realm string which is a prefix of
the expected realm string.
Fixed In Version:
Subversion 1.8.16
Subversion 1.9.4
References:
https://subversion.apache.org/security/CVE-2016-2167-advisory.txt
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2167
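The realm-prefix flaw described above comes down to a length-limited string comparison. The following C snippet is an added illustration of that bug class and its fix, not Subversion's or Cyrus SASL's own code: the realm value and the function names are constructed here for demonstration only. The buggy variant compares only as many bytes as the client supplied, so any prefix of the expected realm (including the empty string) is accepted; the fixed variant requires an exact match.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Illustrative only: the realm the server expects (constructed value). */
static const char *const EXPECTED_REALM = "svn.example.com";

/*
 * Buggy check (illustrates the CVE-2016-2167 bug class, not the actual
 * Subversion source): the comparison length is taken from the
 * client-supplied realm, so strncmp() stops before reaching the end of the
 * server's realm. "svn", "svn.example" and even "" all pass.
 */
bool realm_matches_prefix_bug(const char *client_realm, const char *server_realm)
{
    return strncmp(client_realm, server_realm, strlen(client_realm)) == 0;
}

/*
 * Fixed check: strcmp() compares both strings to their terminators, so the
 * realms must be identical in length and content.
 */
bool realm_matches_fixed(const char *client_realm, const char *server_realm)
{
    return strcmp(client_realm, server_realm) == 0;
}

/* Runs a list of constructed client realms through both checks. */
static void report(const char *client_realm)
{
    printf("client realm %-22s prefix-bug: %-8s fixed: %s\n",
           client_realm[0] ? client_realm : "(empty)",
           realm_matches_prefix_bug(client_realm, EXPECTED_REALM) ? "ACCEPT" : "reject",
           realm_matches_fixed(client_realm, EXPECTED_REALM) ? "ACCEPT" : "reject");
}

int main(void)
{
    /* Constructed test inputs: exact match, two prefixes, empty, and a
       different realm that merely shares a prefix. */
    const char *samples[] = {
        "svn.example.com",
        "svn.example",
        "svn",
        "",
        "svn.example.org",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        report(samples[i]);
    return 0;
}
```

Only the exact realm passes the fixed check; the buggy check also accepts every prefix, which is what the advisory means by "a realm string which is a prefix of the expected realm string".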
CVE-2016-2168: DoS in mod_authz_svn during COPY/MOVE authorization check
Subversion's httpd servers are vulnerable to a remotely triggerable
crash in the mod_authz_svn module. The crash can occur during an
authorization check for a COPY or MOVE request with a specially crafted
header value. This allows remote attackers to cause a denial of service.
Fixed In Version:
Subversion 1.8.16
Subversion 1.9.4
References:
https://subversion.apache.org/security/CVE-2016-2168-advisory.txt
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2168
(from redmine: issue id 5527, created on 2016-05-02, closed on 2016-06-15)
- Relations:
- parent #5526 (closed)
- Changesets:
- Revision 28ac3cd4 by Natanael Copa on 2016-05-30T17:48:57Z:
main/subversion: security upgrade to 1.9.4 (CVE-2016-2167,CVE-2016-2168)
fixes #5527