24 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-2168
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated...
RHEL 7 : subversion (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - subversion: mod_dav_svn integer overflow when parsing skel-encoded request bodies CVE-2015-5343 - The...
RHEL 7 : subversion (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - subversion: svnserve/sasl may authenticate users using the wrong realm CVE-2016-2167 - The req_check_access...
RHEL 5 : subversion (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - subversion: Command injection through clients via malicious svn+ssh URLs CVE-2017-9800 - The...
Debian: Security Advisory (DLA-448-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2019-2550)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP2 : subversion (EulerOS-SA-2019-2504)
According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-servic...
Photon OS 1.0: Subversion PHSA-2016-0013
An update of the subversion package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2016-0013. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(12165...
Amazon Linux: Security Advisory (ALAS-2016-710)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora 23 : subversion (2016-e024b3e02b)
Update to 1.9.4 1331222 CVE-2016-2167 CVE-2016-2168 - Move tools in docs to tools subpackage rhbz 1171757 1199761 - Disable make check to work around FTBFS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
subversion: multiple issues
CVE-2016-2167 authentication restriction bypass: The canonicalize_username function in svnserve/cyrusauth.c, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm...
Amazon Linux AMI : mod_dav_svn (ALAS-2016-710)
The canonicalize_username function in svnserve/cyrusauth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repositor...
Fedora 24 : subversion-1.9.4-1.fc24 (2016-20cc04ac50)
Update to 1.9.4 1331222 CVE-2016-2167 CVE-2016-2168 - Move tools in docs to tools subpackage rhbz 1171757 1199761 - Disable make check to work around FTBFS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...
openSUSE Security Update : subversion (openSUSE-2016-571)
This update for subversion fixes the following issues : - CVE-2016-2167: mod_authz_svn: DoS in MOVE/COPY authorization check (bsc#976849) - CVE-2016-2168: svnserve/sasl may authenticate users using the wrong realm (bsc#976850) The following non-security bugs were fixed : - mod_authz_svn: fix authz with...
CVE-2016-2168
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an...
CVE-2016-2168
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an...
CVE-2016-2168
CVE-2016-2168 affects Apache Subversion’s httpd-based Subversion server, specifically the mod_authz_svn module. The issue arises in the req_check_access path, allowing remote authenticated users to trigger a denial of service (NULL pointer dereference and crash) via a crafted header in a MOVE or ...
Updated subversion packages fix security vulnerabilities
Updated subversion packages fix security vulnerabilities: Daniel Shahaf and James McCoy discovered that an implementation error in the authentication against the Cyrus SASL library would permit a remote user to specify a realm string which is a prefix of the expected realm string and potentially...
Debian DSA-3561-1 : subversion - security update
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2016-2167 Daniel Shahaf and James McCoy discovered that an implementation error in the authentication against the Cyrus SASL...
Slackware 14.0 / 14.1 / current : subversion (SSA:2016-121-01)
New subversion packages are available for Slackware 14.0, 14.1, and -current to fix security issues. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2016-121-01. The text itself is copyrigh...