MGASA-2016-0161
- Source
- https://advisories.mageia.org/MGASA-2016-0161.html
- Import Source
- https://advisories.mageia.org/MGASA-2016-0161.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2016-0161
- Related
- Published
- 2016-05-05T09:05:33Z
- Modified
- 2016-05-05T08:59:16Z
- Summary
- Updated subversion packages fix security vulnerabilities
- Details
-
Updated subversion packages fix security vulnerabilities:
Daniel Shahaf and James McCoy discovered that an implementation error in the authentication against the Cyrus SASL library would permit a remote user to specify a realm string which is a prefix of the expected realm string and potentially allowing a user to authenticate using the wrong realm (CVE-2016-2167).
Ivan Zhakov of VisualSVN discovered a remotely triggerable denial of service vulnerability in the modauthzsvn module during COPY or MOVE authorization check. An authenticated remote attacker could take advantage of this flaw to cause a denial of service (Subversion server crash) via COPY or MOVE requests with specially crafted header (CVE-2016-2168).
- References
-
- https://advisories.mageia.org/MGASA-2016-0161.html
- https://bugs.mageia.org/show_bug.cgi?id=18299
- http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA@mail.gmail.com%3E
- http://svn.apache.org/repos/asf/subversion/tags/1.8.16/CHANGES
- http://subversion.apache.org/security/CVE-2016-2167-advisory.txt
- http://subversion.apache.org/security/CVE-2016-2168-advisory.txt
- https://www.debian.org/security/2016/dsa-3561
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / subversion
Package
- Name
- subversion
- Purl
- pkg:rpm/mageia/subversion?distro=mageia-5