25 matches found

Tenable Nessus
added 2024/06/03 12:0 a.m., 18 views

RHEL 7 : subversion (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - subversion: mod_dav_svn integer overflow when parsing skel-encoded request bodies CVE-2015-5343 - The...

CVSS 7.6, AI score 7.6, EPSS 0.30216
Exploits 0, References 4

Tenable Nessus
added 2024/05/11 12:0 a.m., 25 views

RHEL 5 : subversion (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - subversion: Command injection through clients via malicious svn+ssh URLs CVE-2017-9800 - The...

AI score 8.6, EPSS 0.19628
Exploits 3, References 4

Tenable Nessus
added 2024/05/11 12:0 a.m., 24 views

RHEL 7 : subversion (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - subversion: svnserve/sasl may authenticate users using the wrong realm CVE-2016-2167 - The req_check_access...

AI score 7.2, EPSS 0.19628
Exploits 1, References 4

OpenVAS
added 2023/03/08 12:0 a.m., 21 views

Debian: Security Advisory (DLA-448-1)

The remote host is missing an update for the Debian...

CVSS 6.8, AI score 6.8, EPSS 0.19628
Exploits 0, References 2

SUSE CVE
added 2023/02/15 5:6 a.m., 3 views

SUSE CVE-2016-2167

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repositor...

CVSS 6.8, AI score 9.4, EPSS 0.0687
Exploits 0, References 6

OpenVAS
added 2020/01/23 12:0 a.m., 32 views

Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2019-2550)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8, AI score 7.2, EPSS 0.30216
Exploits 0, References 2

Tenable Nessus
added 2019/12/04 12:0 a.m., 33 views

EulerOS 2.0 SP2 : subversion (EulerOS-SA-2019-2504)

According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-servic...

CVSS 8, AI score 7.5, EPSS 0.30216
Exploits 0, References 5

Tenable Nessus
added 2019/02/07 12:0 a.m., 23 views

Photon OS 1.0: Subversion PHSA-2016-0013

An update of the subversion package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2016-0013...

CVSS 6.8, AI score 7.1, EPSS 0.19628
Exploits 0, References 3

OpenVAS
added 2017/08/12 12:0 a.m., 30 views

Ubuntu: Security Advisory (USN-3388-1)

The remote host is missing an update for the...

CVSS 9.8, AI score 8.7, EPSS 0.18892
Exploits 3, References 2

Tenable Nessus
added 2017/08/11 12:0 a.m., 42 views

Ubuntu 14.04 LTS / 16.04 LTS : Subversion vulnerabilities (USN-3388-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3388-1 advisory. Joern Schneeweisz discovered that Subversion did not properly handle host names in 'svn+ssh://' URLs. A remote attacker could use this to...

CVSS 9.8, AI score 7.3, EPSS 0.18892
Exploits 3, References 4

OpenVAS
added 2016/10/26 12:0 a.m., 20 views

Amazon Linux: Security Advisory (ALAS-2016-710)

The remote host is missing an update for the...

CVSS 6.8, AI score 6.9, EPSS 0.19628
Exploits 0, References 2

Tenable Nessus
added 2016/07/14 12:0 a.m., 35 views

Fedora 23 : subversion (2016-e024b3e02b)

Update to 1.9.4 1331222 CVE-2016-2167 CVE-2016-2168 - Move tools in docs to tools subpackage rhbz 1171757 1199761 - Disable make check to work around FTBFS Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...

CVSS 6.8, AI score 6.8, EPSS 0.19628
Exploits 0, References 3

ArchLinux
added 2016/06/08 12:0 a.m., 38 views

subversion: multiple issues

CVE-2016-2167 authentication restriction bypass: The canonicalize_username function in svnserve/cyrus_auth.c, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm...

CVSS 4.9, AI score 4.5, EPSS 0.19628
Exploits 0, References 4

Tenable Nessus
added 2016/06/06 12:0 a.m., 27 views

Amazon Linux AMI : mod_dav_svn (ALAS-2016-710)

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repositor...

CVSS 6.8, AI score 6.8, EPSS 0.19628
Exploits 0, References 3

Tenable Nessus
added 2016/05/12 12:0 a.m., 36 views

Fedora 24 : subversion-1.9.4-1.fc24 (2016-20cc04ac50)

Update to 1.9.4 1331222 CVE-2016-2167 CVE-2016-2168 - Move tools in docs to tools subpackage rhbz 1171757 1199761 - Disable make check to work around FTBFS Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

CVSS 6.8, AI score 6.8, EPSS 0.19628
Exploits 0, References 7

Tenable Nessus
added 2016/05/09 12:0 a.m., 25 views

openSUSE Security Update : subversion (openSUSE-2016-571)

This update for subversion fixes the following issues : - CVE-2016-2167: mod_authz_svn: DoS in MOVE/COPY authorization check bsc976849 - CVE-2016-2168: svnserve/sasl may authenticate users using the wrong realm bsc976850 The following non-security bugs were fixed : - mod_authz_svn: fix authz with...

CVSS 6.8, AI score 6.8, EPSS 0.19628
Exploits 0, References 5

OSV
added 2016/05/05 6:59 p.m., 4 views

CVE-2016-2167

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repositor...

CVSS 6.8, AI score 6.9, EPSS 0.0687
Exploits 0, References 12

CVE
added 2016/05/05 6:0 p.m., 151 views

CVE-2016-2167

The vulnerability CVE-2016-2167 affects Apache Subversion: the canonicalize_username function in svnserve/cyrus_auth.c, when Cyrus SASL is used, may allow remote authentication bypass by using a realm string that prefixes the expected repository realm. Affected versions are Subversion 1.8.x befor...

CVSS 6.8, AI score 6.8, EPSS 0.0687
Exploits 0, References 12, Affected Software 1

Mageia
added 2016/05/05 9:5 a.m., 30 views

Updated subversion packages fix security vulnerabilities

Updated subversion packages fix security vulnerabilities: Daniel Shahaf and James McCoy discovered that an implementation error in the authentication against the Cyrus SASL library would permit a remote user to specify a realm string which is a prefix of the expected realm string and potentially...

CVSS 6.8, AI score 3.1, EPSS 0.19628
Exploits 0, References 6

Tenable Nessus
added 2016/05/02 12:0 a.m., 30 views

Debian DSA-3561-1 : subversion - security update

Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2016-2167 Daniel Shahaf and James McCoy discovered that an implementation error in the authentication against the Cyrus SASL...

CVSS 6.8, AI score 6.8, EPSS 0.19628
Exploits 0, References 6