Arch Linux Security Advisory ASA-201508-5
=========================================

Severity: Medium
Date    : 2015-08-14
CVE-ID  : CVE-2015-3184 CVE-2015-3187
Package : subversion
Type    : authentication bypass
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package subversion before version 1.9.0-1 is vulnerable to
authentication bypass.

Resolution
==========

Upgrade to 1.9.0-1.

# pacman -Syu "subversion>=1.9.0-1"

The problem has been fixed upstream in version 1.9.0, 1.8.14 and 1.7.21.

Workaround
==========

CVE-2015-3184 can be mitigated by disabling mixed anonymous/authenticated
authz.

There is no known workaround for CVE-2015-3187.

Description
===========

- CVE-2015-3184:

Subversion's mod_authz_svn does not properly restrict anonymous access in
some mixed anonymous/authenticated environments when using Apache httpd
2.4. The result is that anonymous access may be possible to files for
which only authenticated access should be possible.

- CVE-2015-3187:

Subversion servers, both httpd and svnserve, will reveal some paths that
should be hidden by path-based authz. When a node is copied from an
unreadable location to a readable location the unreadable path may be
revealed. This vulnerability only reveals the path, it does not reveal the
contents of the path.

Impact
======

A remote unauthenticated attacker may be able to access files that should
be restricted to authenticated users.

References
==========

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3184
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3187
https://subversion.apache.org/security/CVE-2015-3184-advisory.txt
https://subversion.apache.org/security/CVE-2015-3187-advisory.txt
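As an added example (not part of the Arch advisory or of the Subversion project), the following Python script turns the fixed versions stated in the Resolution section into a check: given an upstream version string, an Arch pkgver-pkgrel string, or a line of `pacman -Q subversion` output, it reports whether that build predates the fix. The function names and the sample inputs are constructed for this example; the parser deliberately handles only plain numeric versions and rejects epochs and pre-release tags instead of guessing how pacman's vercmp would order them.

```python
"""Version check for ASA-201508-5 (CVE-2015-3184, CVE-2015-3187).

Added example, not part of the advisory: decides whether a Subversion
version predates the fix, using the fixed releases the advisory lists
(upstream 1.7.21 / 1.8.14 / 1.9.0, Arch package 1.9.0-1).
"""
import re

# Upstream releases carrying the fix, keyed by stable branch (from the advisory).
UPSTREAM_FIXED = {
    (1, 7): (1, 7, 21),
    (1, 8): (1, 8, 14),
    (1, 9): (1, 9, 0),
}

# First Arch package build with the fix: pkgver 1.9.0, pkgrel 1 (from the advisory).
ARCH_FIXED = ((1, 9, 0), 1)

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:-(\d+))?")


def parse_version(text):
    """Split '1.8.13' or '1.8.13-3' into (version tuple, pkgrel or None).

    Only dotted numeric versions are accepted; epochs and pre-release tags
    (which pacman's vercmp understands) raise instead of being guessed at.
    """
    m = _VERSION_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    version = tuple(int(part) for part in m.group(1).split("."))
    # Pad to major.minor.patch so '1.9' compares like '1.9.0'.
    version = version + (0,) * (3 - len(version))
    pkgrel = int(m.group(2)) if m.group(2) is not None else None
    return version, pkgrel


def upstream_vulnerable(text):
    """True if an upstream Subversion release predates the fix for its branch."""
    version, _ = parse_version(text)
    branch = version[:2]
    fixed = UPSTREAM_FIXED.get(branch)
    if fixed is None:
        # Branches older than 1.7 never received the fix; anything newer
        # than 1.9 was released after it.
        return branch < (1, 7)
    return version < fixed


def arch_vulnerable(text):
    """True if an Arch 'pkgver-pkgrel' string is older than the fixed build 1.9.0-1."""
    version, pkgrel = parse_version(text)
    if pkgrel is None:
        raise ValueError("Arch package versions carry a pkgrel, e.g. '1.9.0-1'")
    # Tuple comparison orders by pkgver first, then pkgrel, as pacman does
    # for purely numeric versions.
    return (version, pkgrel) < ARCH_FIXED


def check_pacman_line(line):
    """Evaluate one line of 'pacman -Q subversion' output, e.g. 'subversion 1.8.13-3'."""
    name, version = line.split()
    return name, arch_vulnerable(version)


if __name__ == "__main__":
    # Constructed sample inputs; on a real host feed in `pacman -Q subversion`.
    for sample in ("subversion 1.8.13-3", "subversion 1.9.0-1"):
        name, vulnerable = check_pacman_line(sample)
        print(sample, "->", "vulnerable" if vulnerable else "fixed")
```

The branch-aware comparison matters because the advisory names three separate fixed releases: a 1.8.14 install is fixed even though it is numerically below 1.9.0, while a 1.8.13 install is not, so comparing against 1.9.0 alone would misreport both cases.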