Bug 6511 - subversion security vulnerabilities (CVE-2015-5343) (CVE-2016-2168)
Status: VERIFIED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
Version: Fresh
Hardware: All Linux
Priority: Normal  Severity: normal
Target Milestone: ---
Assigned To: ROSA Linux Bugs
QA Contact: ROSA Linux Bugs
URL: https://advisories.mageia.org/MGASA-2...
Depends on:
Blocks:
Reported: 2015-12-29 06:05 MSK by Zombie Ryushu
Modified: 2016-09-19 14:20 MSD (History)

See Also:
RPM Package: subversion
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
denis.silakov: published+


Description Zombie Ryushu 2015-12-29 06:05:06 MSK
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
Comment 1 Zombie Ryushu 2015-12-29 06:06:48 MSK
Subversion's httpd servers are vulnerable to a remotely triggerable heap-based
buffer overflow and out-of-bounds read caused by an integer overflow when
parsing skel-encoded request bodies (CVE-2015-5343).

This allows remote attackers with write access to a repository to cause a
denial of service or possibly execute arbitrary code under the context of the
httpd process.  32-bit server versions are vulnerable to both the
denial-of-service attack and possible arbitrary code execution.  64-bit server
versions are only vulnerable to the denial-of-service attack.
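The advisory quoted in Comment 1 describes an integer overflow while parsing a length-prefixed (skel-encoded) request body, with 32-bit servers exposed to code execution and 64-bit servers to a crash. The following is an added example written for this page, not Subversion's own skel parser: it shows a 32-bit decimal length conversion that wraps silently, a checked conversion that refuses any value that would overflow, and an atom parser that additionally requires the declared length to fit in the bytes that remain. The atom syntax ("<decimal length><space><bytes>"), the function names and the sample inputs are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed format for this example (an assumption, not Subversion's
 * exact skel grammar): an explicit-length atom is
 * "<decimal length><space><bytes>", e.g. "5 hello". */

/* Naive conversion with a 32-bit accumulator: v * 10 + d is evaluated
 * modulo 2^32, so an oversized decimal string silently wraps to a small
 * value. This models a 32-bit server's failure mode. */
uint32_t naive_getsize32(const char *s, size_t n)
{
    uint32_t v = 0;
    for (size_t i = 0; i < n && s[i] >= '0' && s[i] <= '9'; i++)
        v = v * 10 + (uint32_t)(s[i] - '0');     /* wraps mod 2^32 */
    return v;
}

/* Checked conversion: before each step, verify that v * 10 + d still fits
 * in size_t. Returns the number of digit characters consumed, or 0 when
 * there are no digits or the value would overflow. */
size_t checked_getsize(const char *s, size_t n, size_t *out)
{
    size_t v = 0, i;
    for (i = 0; i < n && s[i] >= '0' && s[i] <= '9'; i++) {
        unsigned d = (unsigned)(s[i] - '0');
        if (v > (SIZE_MAX - d) / 10)
            return 0;                             /* would overflow */
        v = v * 10 + d;
    }
    if (i == 0)
        return 0;
    *out = v;
    return i;
}

/* Parse one explicit-length atom from buf[0..n). On success returns 1 and
 * points *atom/*len at the payload; returns 0 for a missing separator, an
 * overflowing length, or a declared length larger than the bytes left. */
int parse_explicit_atom(const char *buf, size_t n,
                        const char **atom, size_t *len)
{
    size_t declared, used, remaining;

    used = checked_getsize(buf, n, &declared);
    if (used == 0 || used >= n || buf[used] != ' ')
        return 0;
    remaining = n - used - 1;
    if (declared > remaining)                     /* bounds check */
        return 0;
    *atom = buf + used + 1;
    *len = declared;
    return 1;
}

int main(void)
{
    const char *good = "5 hello";                 /* constructed input */
    const char *bad  = "4294967301 hello";        /* 2^32 + 5: wraps to 5 */
    const char *atom;
    size_t len;

    printf("naive 32-bit length of \"%s\": %u\n", bad,
           (unsigned)naive_getsize32(bad, 10));
    printf("good atom accepted: %d\n",
           parse_explicit_atom(good, strlen(good), &atom, &len));
    printf("bad atom accepted:  %d\n",
           parse_explicit_atom(bad, strlen(bad), &atom, &len));
    return 0;
}
```

The wrapped value (5) would pass a naive "length fits in the buffer" test even though the request declared more than four gigabytes, which is exactly the mismatch between a checked size and the size later used for allocation or copying that turns an overflow into a heap overrun or out-of-bounds read. The checked parser rejects the input before any length-dependent work happens.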
Comment 2 Zombie Ryushu 2016-05-06 01:01:54 MSD
Escalation

Updated subversion packages fix security vulnerabilities:

Daniel Shahaf and James McCoy discovered that an implementation error in the
authentication against the Cyrus SASL library would permit a remote user to
specify a realm string which is a prefix of the expected realm string and
potentially allowing a user to authenticate using the wrong realm
(CVE-2016-2167).

Ivan Zhakov of VisualSVN discovered a remotely triggerable denial of service
vulnerability in the mod_authz_svn module during COPY or MOVE authorization
check. An authenticated remote attacker could take advantage of this flaw to
cause a denial of service (Subversion server crash) via COPY or MOVE requests
with specially crafted header (CVE-2016-2168).
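The first item in Comment 2 (CVE-2016-2167) is a realm check that accepts a client-supplied realm which is merely a prefix of the expected one. As an added example, not code from Subversion or its Cyrus SASL integration, the two functions below contrast a comparison that inspects only strlen(supplied) bytes with an exact comparison. The configured realm, the probe strings, the function names and the exact form of the weak expression are constructed for the illustration and are not a quote of the affected code.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example. `expected` is the realm the server is configured
 * with; `supplied` is the realm string the client sends during SASL
 * authentication. */

/* Prefix-accepting comparison: only strlen(supplied) bytes are compared, so
 * any prefix of the expected realm, including the empty string, matches.
 * This models the bug class the advisory describes; the expression is an
 * assumption for the illustration. */
int realm_matches_weak(const char *expected, const char *supplied)
{
    return strncmp(expected, supplied, strlen(supplied)) == 0;
}

/* Exact comparison: the lengths must be equal and every byte must match. */
int realm_matches_strict(const char *expected, const char *supplied)
{
    size_t n = strlen(expected);
    return strlen(supplied) == n && memcmp(expected, supplied, n) == 0;
}

int main(void)
{
    const char *configured = "Example Realm";                 /* constructed */
    const char *probes[] = { "Example Realm", "Example", "", "Example Realm X" };

    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%-16s weak=%d strict=%d\n", probes[i],
               realm_matches_weak(configured, probes[i]),
               realm_matches_strict(configured, probes[i]));
    return 0;
}
```

The empty-string case is the one to remember when auditing similar code: a prefix comparison keyed on the length of the attacker-controlled side accepts "" against every realm.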
Comment 3 Denis Silakov 2016-08-19 15:01:32 MSD
Advisory:
Updated subversion to a new bug-fix release - 1.8.16

Build lists:
https://abf.io/build_lists/2709019
https://abf.io/build_lists/2709020
Comment 4 Vladimir Potapov 2016-09-15 17:30:36 MSD
urpme subversion
To satisfy dependencies, the following 10 packages will be removed (42MB):
  abf-console-client-2.5.3-2-rosa2014.1.noarch
   (because git is missing)
  bup-0.27-2-rosa2014.1.x86_64
   (because git is missing)
  git-2.7.3-1-rosa2014.1.x86_64
   (because git-svn == 1:2.7.3-1:2014.1 is unsatisfied,
    because git-core == 1:2.7.3-1:2014.1 is unsatisfied,
    because git-email == 1:2.7.3-1:2014.1 is unsatisfied)
  git-core-2.7.3-1-rosa2014.1.x86_64
   (because perl(Git) is missing)
  git-email-2.7.3-1-rosa2014.1.x86_64
   (because perl(Git) is missing,
    because git-core == 1:2.7.3-1:2014.1 is unsatisfied)
  git-svn-2.7.3-1-rosa2014.1.x86_64
   (because subversion is missing,
    because perl-SVN is missing,
    because perl(Git) is missing,
    because perl(Git::SVN) is missing,
    because perl(Git::SVN::Editor) is missing,
    because perl(Git::SVN::Fetcher) is missing,
    because perl(Git::SVN::Log) is missing,
    because perl(Git::SVN::Migration) is missing,
    because perl(Git::SVN::Prompt) is missing,
    because perl(Git::SVN::Ra) is missing,
    because perl(Git::SVN::Utils) is missing,
    because perl-Git is missing,
    because git-core == 1:2.7.3-1:2014.1 is unsatisfied)
  kup-0.5.1-3-rosa2014.1.x86_64
   (because bup is missing)
  perl-Git-2.7.3-1-rosa2014.1.x86_64
   (because perl(SVN::Core) is missing,
    because perl(SVN::Delta) is missing,
    because perl(SVN::Ra) is missing,
    because git-core == 1:2.7.3-1:2014.1 is unsatisfied)
  perl-SVN-1.8.16-1-rosa2014.1.x86_64
   (because subversion == 2:1.8.16-1:2014.1 is unsatisfied)
  subversion-1.8.16-1-rosa2014.1.x86_64
Comment 5 Vladimir Potapov 2016-09-15 17:39:39 MSD
The update is sent to expanded testing
**************************************
Comment 6 Vladimir Potapov 2016-09-19 13:58:26 MSD
subversion-1.8.16-1
https://abf.io/build_lists/2709019
https://abf.io/build_lists/2709020
*************************** Advisory *************************
Updated subversion to a new bug-fix release - 1.8.16, fix (CVE-2016-2168)
**************************************************************
QA Verified