ssh vulnerability that has potential impacts to Subversion users

From: Ben Reser <ben_at_reser.org>
Date: Fri, 08 Nov 2013 14:29:20 -0800

OpenSSH released a fix for a memory corruption with AES-GCM ciphers in OpenSSH
6.2 and 6.3.

Their advisory is here:
http://www.openssh.com/txt/gcmrekey.adv

If you're using Subversion in a svn+ssh:// configuration that restrictions on
the command being run using the command field in the authorized_keys file it
may be possible to bypass this restriction.

This Subversion configuration is described in the SVN Book here:
http://svnbook.red-bean.com/en/1.7/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sshtricks
Received on 2013-11-08 23:29:57 CET

This message: [ Message body ]
Next message: Geoff Field: "RE: NOW RESOLVED: SVN copy that worked in 1.8.0 now fails with (424 FailedDependency)"
Previous message: Ben Reser: "Re: Issues with mod_dav in httpd 2.2.25 and 2.4.6"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]