CVE-2016-8734

Related Files

Debian Security Advisory 3932-1

Posted Aug 11, 2017

Authored by Debian | Site debian.org

Debian Linux Security Advisory 3932-1 - Several problems were discovered in Subversion, a centralized version control system.

tags | advisory

systems | linux, debian

advisories | CVE-2016-8734, CVE-2017-9800

SHA-256 | a1bdde86fa5407458eda66de508e4072a37aa16fa1bdedce2c8ce794840af2d4

Download | Favorite | View

Ubuntu Security Notice USN-3388-1

Posted Aug 10, 2017

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3388-1 - Joern Schneeweisz discovered that Subversion did not properly handle host names in 'svn+ssh://' URLs. A remote attacker could use this to construct a subversion repository that when accessed could run arbitrary code with the privileges of the user. Daniel Shahaf and James McCoy discovered that Subversion did not properly verify realms when using Cyrus SASL authentication. A remote attacker could use this to possibly bypass intended access restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, arbitrary

systems | linux, ubuntu

advisories | CVE-2016-2167, CVE-2016-8734, CVE-2017-9800

SHA-256 | afb947313ea3b2743fc9ec546b5a4c8ac5e42c19227852d40f19315d56ae31a2

Download | Favorite | View