{"id":"MGASA-2016-0161","summary":"Updated subversion packages fix security vulnerabilities","details":"Updated subversion packages fix security vulnerabilities:\n\nDaniel Shahaf and James McCoy discovered that an implementation error in the\nauthentication against the Cyrus SASL library would permit a remote user to\nspecify a realm string which is a prefix of the expected realm string and\npotentially allowing a user to authenticate using the wrong realm\n(CVE-2016-2167).\n\nIvan Zhakov of VisualSVN discovered a remotely triggerable denial of service\nvulnerability in the mod_authz_svn module during COPY or MOVE authorization\ncheck. An authenticated remote attacker could take advantage of this flaw to\ncause a denial of service (Subversion server crash) via COPY or MOVE requests\nwith specially crafted header (CVE-2016-2168).\n","modified":"2026-01-31T19:28:32.219082Z","published":"2016-05-05T09:05:33Z","related":["CVE-2016-2167","CVE-2016-2168"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0161.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18299"},{"type":"REPORT","url":"http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA@mail.gmail.com%3E"},{"type":"REPORT","url":"http://svn.apache.org/repos/asf/subversion/tags/1.8.16/CHANGES"},{"type":"REPORT","url":"http://subversion.apache.org/security/CVE-2016-2167-advisory.txt"},{"type":"REPORT","url":"http://subversion.apache.org/security/CVE-2016-2168-advisory.txt"},{"type":"REPORT","url":"https://www.debian.org/security/2016/dsa-3561"}],"affected":[{"package":{"name":"subversion","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/subversion?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.16-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0161.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}