[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

ssh vulnerability that has potential impacts to Subversion users

From: Ben Reser <ben_at_reser.org>
Date: Fri, 08 Nov 2013 14:29:20 -0800

OpenSSH released a fix for a memory corruption with AES-GCM ciphers in OpenSSH
6.2 and 6.3.

Their advisory is here:

If you're using Subversion in a svn+ssh:// configuration that restrictions on
the command being run using the command field in the authorized_keys file it
may be possible to bypass this restriction.

This Subversion configuration is described in the SVN Book here:
Received on 2013-11-08 23:29:57 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.