subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Reser <...@reser.org>
Subject ssh vulnerability that has potential impacts to Subversion users
Date Fri, 08 Nov 2013 22:29:20 GMT
OpenSSH released a fix for a memory corruption with AES-GCM ciphers in OpenSSH
6.2 and 6.3.

Their advisory is here:
http://www.openssh.com/txt/gcmrekey.adv

If you're using Subversion in a svn+ssh:// configuration that restrictions on
the command being run using the command field in the authorized_keys file it
may be possible to bypass this restriction.

This Subversion configuration is described in the SVN Book here:
http://svnbook.red-bean.com/en/1.7/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sshtricks

Mime
View raw message