Amazon Linux 1 Security Advisory: ALAS-2016-709
Advisory Release Date: 2016-06-02 18:08 Pacific
Advisory Updated Date: 2016-06-03 19:46 Pacific
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. (CVE-2016-2167)
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. (CVE-2016-2168)
Affected Packages:
subversion
Issue Correction:
Run yum update subversion to update your system.
i686:
subversion-perl-1.9.4-2.54.amzn1.i686
subversion-1.9.4-2.54.amzn1.i686
subversion-javahl-1.9.4-2.54.amzn1.i686
subversion-devel-1.9.4-2.54.amzn1.i686
subversion-python26-1.9.4-2.54.amzn1.i686
subversion-tools-1.9.4-2.54.amzn1.i686
subversion-ruby-1.9.4-2.54.amzn1.i686
subversion-debuginfo-1.9.4-2.54.amzn1.i686
mod24_dav_svn-1.9.4-2.54.amzn1.i686
subversion-python27-1.9.4-2.54.amzn1.i686
subversion-libs-1.9.4-2.54.amzn1.i686
src:
subversion-1.9.4-2.54.amzn1.src
x86_64:
subversion-python27-1.9.4-2.54.amzn1.x86_64
subversion-ruby-1.9.4-2.54.amzn1.x86_64
subversion-tools-1.9.4-2.54.amzn1.x86_64
subversion-debuginfo-1.9.4-2.54.amzn1.x86_64
subversion-1.9.4-2.54.amzn1.x86_64
subversion-perl-1.9.4-2.54.amzn1.x86_64
subversion-javahl-1.9.4-2.54.amzn1.x86_64
subversion-devel-1.9.4-2.54.amzn1.x86_64
subversion-libs-1.9.4-2.54.amzn1.x86_64
subversion-python26-1.9.4-2.54.amzn1.x86_64
mod24_dav_svn-1.9.4-2.54.amzn1.x86_64