PublicDateAtUSN: 2016-11-30 Candidate: CVE-2016-8734 PublicDate: 2017-10-16 13:29:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8734 https://subversion.apache.org/security/CVE-2016-8734-advisory.txt https://ubuntu.com/security/notices/USN-3388-1 Description: Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory. Ubuntu-Description: Florian Weimer discovered that Subversion clients did not properly restrict XML entity expansion when accessing http(s):// URLs. A remote attacker could use this to cause a denial of service. Notes: mdeslaur> for mod_dontdothat, we don't ship it in binary packages mdeslaur> for clients, we build with serf, so we're vulnerable Bugs: Priority: low Discovered-by: Florian Weimer Assigned-to: CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [6.5 MEDIUM] Patches_subversion: upstream: https://subversion.apache.org/security/CVE-2016-8734-advisory.txt upstream_subversion: released (1.9.5-1, 1.8.17, 1.9.5) precise_subversion: ignored (reached end-of-life) precise/esm_subversion: ignored (end of ESM support, was needed) trusty_subversion: released (1.8.8-1ubuntu3.3) trusty/esm_subversion: DNE (trusty was released [1.8.8-1ubuntu3.3]) vivid/stable-phone-overlay_subversion: DNE vivid/ubuntu-core_subversion: DNE xenial_subversion: released (1.9.3-2ubuntu1.1) esm-infra/xenial_subversion: released (1.9.3-2ubuntu1.1) yakkety_subversion: ignored (reached end-of-life) zesty_subversion: not-affected (1.9.5-1ubuntu1) artful_subversion: not-affected (1.9.5-1ubuntu1) bionic_subversion: not-affected (1.9.5-1ubuntu1) cosmic_subversion: not-affected (1.9.5-1ubuntu1) disco_subversion: not-affected (1.9.5-1ubuntu1) eoan_subversion: not-affected (1.9.5-1ubuntu1) focal_subversion: not-affected (1.9.5-1ubuntu1) groovy_subversion: not-affected (1.9.5-1ubuntu1) hirsute_subversion: not-affected (1.9.5-1ubuntu1) devel_subversion: not-affected (1.9.5-1ubuntu1)