Medium: mod_dav_svn

Issue Overview:

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. (CVE-2016-2167)

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. (CVE-2016-2168)

Affected Packages:

mod_dav_svn

Issue Correction:
Run yum update mod_dav_svn to update your system.

New Packages:

i686:  
    mod_dav_svn-debuginfo-1.9.4-2.52.amzn1.i686  
    mod_dav_svn-1.9.4-2.52.amzn1.i686  
  
src:  
    mod_dav_svn-1.9.4-2.52.amzn1.src  
  
x86_64:  
    mod_dav_svn-1.9.4-2.52.amzn1.x86_64  
    mod_dav_svn-debuginfo-1.9.4-2.52.amzn1.x86_64  

Additional References

Red Hat: CVE-2016-2167, CVE-2016-2168

Mitre: CVE-2016-2167, CVE-2016-2168