[3.4] subversion: Security issues (CVE-2016-2167, CVE-2016-2168)ID: oval:org.secpod.oval:def:1800025 | Date: (C)2018-03-29 (M)2023-11-10 |
Class: PATCH | Family: unix |
CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm. svnserve, the svn:// protocol server, can optionally use the Cyrus SASL library for authentication, integrity protection, and encryption.Due to a programming oversight, authentication against Cyrus SASL would permit the remote user to specify a realm string which is a prefix of the expected realm string. Fixed In Version: Subversion 1.8.16Subversion 1.9.4
Platform: |
Alpine Linux 3.4 |