Security update for subversion SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:1511-1 Final 1 1 2016-06-07T11:41:15Z current 2016-06-07T11:41:15Z 2016-06-07T11:41:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for subversion This update for subversion fixes the following issues: - CVE-2015-3187: svn_repos_trace_node_locations() reveals paths hidden by authz (bsc#939517) - CVE-2016-2167: mod_authz_svn: DoS in MOVE/COPY authorization check (bsc#976849) - CVE-2016-2168: svnserve/sasl may authenticate users using the wrong realm (bsc#976850) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-subversion-12599,slestso13-subversion-12599 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20161511-1/ Link for SUSE-SU-2016:1511-1 https://lists.suse.com/pipermail/sle-security-updates/2016-June/002100.html E-Mail link for SUSE-SU-2016:1511-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/939517 SUSE Bug 939517 https://bugzilla.suse.com/976849 SUSE Bug 976849 https://bugzilla.suse.com/976850 SUSE Bug 976850 https://www.suse.com/security/cve/CVE-2015-3187/ SUSE CVE CVE-2015-3187 page https://www.suse.com/security/cve/CVE-2016-2167/ SUSE CVE CVE-2016-2167 page https://www.suse.com/security/cve/CVE-2016-2168/ SUSE CVE CVE-2016-2168 page SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Studio Onsite 1.3 subversion-1.6.17-1.35.1 subversion-devel-1.6.17-1.35.1 subversion-perl-1.6.17-1.35.1 subversion-python-1.6.17-1.35.1 subversion-server-1.6.17-1.35.1 subversion-tools-1.6.17-1.35.1 subversion-1.6.17-1.35.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 subversion-devel-1.6.17-1.35.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 subversion-perl-1.6.17-1.35.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 subversion-python-1.6.17-1.35.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 subversion-server-1.6.17-1.35.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 subversion-tools-1.6.17-1.35.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 subversion-1.6.17-1.35.1 as a component of SUSE Studio Onsite 1.3 The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. CVE-2015-3187 SUSE Linux Enterprise Software Development Kit 11 SP4:subversion-1.6.17-1.35.1 SUSE Linux Enterprise Software Development Kit 11 SP4:subversion-devel-1.6.17-1.35.1 SUSE Linux Enterprise Software Development Kit 11 SP4:subversion-perl-1.6.17-1.35.1 SUSE Linux Enterprise Software Development Kit 11 SP4:subversion-python-1.6.17-1.35.1 SUSE Linux Enterprise Software Development Kit 11 SP4:subversion-server-1.6.17-1.35.1 SUSE Linux Enterprise Software Development Kit 11 SP4:subversion-tools-1.6.17-1.35.1 SUSE Studio Onsite 1.3:subversion-1.6.17-1.35.1 low 4 AV:N/AC:L/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161511-1/ https://www.suse.com/security/cve/CVE-2015-3187.html CVE-2015-3187 https://bugzilla.suse.com/939517 SUSE Bug 939517 The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. CVE-2016-2167 SUSE Linux Enterprise Software Development Kit 11 SP4:subversion-1.6.17-1.35.1 SUSE Linux Enterprise Software Development Kit 11 SP4:subversion-devel-1.6.17-1.35.1 SUSE Linux Enterprise Software Development Kit 11 SP4:subversion-perl-1.6.17-1.35.1 SUSE Linux Enterprise Software Development Kit 11 SP4:subversion-python-1.6.17-1.35.1 SUSE Linux Enterprise Software Development Kit 11 SP4:subversion-server-1.6.17-1.35.1 SUSE Linux Enterprise Software Development Kit 11 SP4:subversion-tools-1.6.17-1.35.1 SUSE Studio Onsite 1.3:subversion-1.6.17-1.35.1 low 3.6 AV:N/AC:H/Au:S/C:P/I:P/A:N 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161511-1/ https://www.suse.com/security/cve/CVE-2016-2167.html CVE-2016-2167 https://bugzilla.suse.com/976849 SUSE Bug 976849 The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. CVE-2016-2168 SUSE Linux Enterprise Software Development Kit 11 SP4:subversion-1.6.17-1.35.1 SUSE Linux Enterprise Software Development Kit 11 SP4:subversion-devel-1.6.17-1.35.1 SUSE Linux Enterprise Software Development Kit 11 SP4:subversion-perl-1.6.17-1.35.1 SUSE Linux Enterprise Software Development Kit 11 SP4:subversion-python-1.6.17-1.35.1 SUSE Linux Enterprise Software Development Kit 11 SP4:subversion-server-1.6.17-1.35.1 SUSE Linux Enterprise Software Development Kit 11 SP4:subversion-tools-1.6.17-1.35.1 SUSE Studio Onsite 1.3:subversion-1.6.17-1.35.1 moderate 6.3 AV:N/AC:M/Au:S/C:N/I:N/A:C 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161511-1/ https://www.suse.com/security/cve/CVE-2016-2168.html CVE-2016-2168 https://bugzilla.suse.com/976850 SUSE Bug 976850