[3.1] subversion: Security issues (CVE-2016-2167, CVE-2016-2168)
CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm
svnserve, the svn:// protocol server, can optionally use the Cyrus SASL
library for authentication, integrity protection, and encryption.
Due to a programming oversight, authentication against Cyrus SASL would
permit the remote user to specify a realm string which is a prefix of
the expected realm string.
Fixed In Version:
Subversion 1.8.16
Subversion 1.9.4
References:
https://subversion.apache.org/security/CVE-2016-2167-advisory.txt
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2167
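The following is an added illustration of the bug class the advisory describes, not Subversion's own svnserve/SASL code: a realm check whose comparison length is taken from the client-supplied string accepts any prefix of the configured realm (including the empty string), whereas an exact comparison does not. The function names and the realm strings are assumptions made for the example.

```c
/*
 * Added illustration of the CVE-2016-2167 bug class; this is not
 * Subversion's own code. Function names and realm strings are assumptions.
 *
 * Comparing only strlen(client_realm) bytes lets the client decide how much
 * of the expected realm is examined, so any prefix of it is accepted.
 */
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern: the comparison length comes from the client. */
int realm_matches_prefix(const char *expected, const char *client)
{
    return strncmp(expected, client, strlen(client)) == 0;
}

/* Hardened check: lengths must agree and every byte must match. */
int realm_matches_exact(const char *expected, const char *client)
{
    size_t n = strlen(expected);
    return strlen(client) == n && memcmp(expected, client, n) == 0;
}

int main(void)
{
    const char *expected = "svn.example.org";   /* configured realm (assumed) */
    /* Constructed client-supplied realms, from the correct one to an empty string. */
    const char *attempts[] = { "svn.example.org", "svn.example", "svn", "",
                               "svn.example.org.evil" };
    size_t i;

    printf("%-22s %-8s %-8s\n", "client realm", "prefix", "exact");
    for (i = 0; i < sizeof attempts / sizeof attempts[0]; i++)
        printf("%-22s %-8s %-8s\n", attempts[i],
               realm_matches_prefix(expected, attempts[i]) ? "accept" : "reject",
               realm_matches_exact(expected, attempts[i]) ? "accept" : "reject");
    return 0;
}
```

The prefix variant accepts "svn", "svn.example" and "" against a configured realm of "svn.example.org"; the exact variant accepts only the full string. A longer string such as "svn.example.org.evil" is rejected by both, which is why a prefix bug of this kind is easy to miss in testing that only tries over-long or wrong realms.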
CVE-2016-2168: DoS in mod_authz_svn during COPY/MOVE authorization check
Subversion's httpd servers are vulnerable to a remotely triggerable
crash in the mod_authz_svn module. The crash can occur during an
authorization check for a COPY or MOVE request with a specially crafted
header value. This allows remote attackers to cause a denial of service.
Fixed In Version:
Subversion 1.8.16
Subversion 1.9.4
References:
https://subversion.apache.org/security/CVE-2016-2168-advisory.txt
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2168
(from redmine: issue id 5530, created on 2016-05-02, closed on 2016-06-15)
- Relations:
- parent #5526 (closed)
- Changesets:
- Revision 01971187 on 2016-06-14T11:55:17Z:
main/subversion: security upgrade to 1.8.16 (CVE-2016-2167, CVE-2016-2168). Fixes #5530
(cherry picked from commit fe1d1a2fab1c84836f19bfa20a7e548b8a6ac9dd)