[arch-security] [ASA-201606-6] subversion: multiple issues
Arch Linux Security Advisory ASA-201606-6
=========================================

Severity: Medium
Date    : 2016-06-08
CVE-ID  : CVE-2016-2167 CVE-2016-2168
Package : subversion
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package subversion before version 1.9.4-1 is vulnerable to
authentication restriction bypass and denial of service.

Resolution
==========

Upgrade to 1.9.4-1.

# pacman -Syu "subversion>=1.9.4-1"

The problems have been fixed upstream in version 1.9.4.

Workaround
==========

None.

Description
===========

- CVE-2016-2167 (authentication restriction bypass)

The canonicalize_username function in svnserve/cyrus_auth.c, when Cyrus
SASL authentication is used, allows remote attackers to authenticate and
bypass intended access restrictions via a realm string that is a prefix
of an expected repository realm string.

- CVE-2016-2168 (denial of service)

The req_check_access function in the mod_authz_svn module in the httpd
server allows remote authenticated users to cause a denial of service
(NULL pointer dereference and crash) via a crafted header in a (1) MOVE
or (2) COPY request, involving an authorization check.

Impact
======

A remote attacker is able to bypass authentication restrictions under
certain circumstances by authenticating to an unexpected repository realm,
or to perform a denial of service attack via a request with a specially
crafted header.

References
==========

https://access.redhat.com/security/cve/CVE-2016-2167
https://access.redhat.com/security/cve/CVE-2016-2168
https://subversion.apache.org/security/CVE-2016-2167-advisory.txt
https://subversion.apache.org/security/CVE-2016-2168-advisory.txt
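The CVE-2016-2167 entry above describes a realm check that accepts a client realm which is merely a prefix of the repository's realm. The following is an added illustration of that bug class, not Subversion's own cyrus_auth.c: a hypothetical prefix-based realm check beside the exact-match form a maintainer would want, run over a constructed set of realm strings.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical realm check written for this advisory. It models the bug
 * class described for CVE-2016-2167 (realm compared by prefix), and is
 * NOT code from Subversion's svnserve/cyrus_auth.c. */

/* Vulnerable form: only strlen(client_realm) bytes are compared, so a
 * client realm "repo" is accepted for the repository realm "repo-private".
 * Edge case: an empty client realm compares zero bytes and always matches. */
bool realm_matches_prefix(const char *client_realm, const char *repo_realm)
{
    return strncmp(client_realm, repo_realm, strlen(client_realm)) == 0;
}

/* Hardened form: the realm the client authenticated against must equal the
 * repository's configured realm byte for byte, length included. */
bool realm_matches_exact(const char *client_realm, const char *repo_realm)
{
    return strcmp(client_realm, repo_realm) == 0;
}

/* Constructed sample realms that share a prefix with "repo-private".
 * Returns how many of them the given check accepts for repo_realm. */
int count_accepted(bool (*check)(const char *, const char *),
                   const char *repo_realm)
{
    static const char *const client_realms[] = {
        "repo-private", "repo", "repo-pr", "other", ""
    };
    int accepted = 0;
    for (size_t i = 0; i < sizeof client_realms / sizeof client_realms[0]; i++)
        if (check(client_realms[i], repo_realm))
            accepted++;
    return accepted;   /* prefix check: 4 accepted; exact check: 1 */
}
```

A detection-side takeaway: svnserve instances that accept SASL realms differing from the configured repository realm are the ones worth auditing after the 1.9.4-1 upgrade.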
participants (1)
-
Levente Polyak