1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4382-1] rssh security update

    From Moritz Muehlenhoff@1:229/2 to All on Sat Feb 2 19:40:02 2019
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4382-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 02, 2019 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : rssh
    CVE ID : CVE-2019-3463 CVE-2019-3464

    Nick Cleaton discovered two vulnerabilities in rssh, a restricted shell
    that allows users to perform only scp, sftp, cvs, svnserve (Subversion),
    rdist and/or rsync operations. Missing validation in the rsync support
    could result in the bypass of this restriction, allowing the execution
    of arbitrary shell commands.

    For the stable distribution (stretch), these problems have been fixed in version 2.3.4-5+deb9u2.

    We recommend that you upgrade your rssh packages.

    For the detailed security status of rssh please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/rssh

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlxV34gACgkQEMKTtsN8 TjZgHRAAu7jy6hVuWk3DodhFTZnIp2jjrd6rZv1BDVJISrdlh2mnQx0ywPt9aI21 /tdcyd3Iwq7QM9LwtLWCE4YR90AGJDMlcG1mXbOuhMeMpyyyiA7N/2B2y8GB9uWI EqkiGSvdNkwHqCgrTXkuxwY3t6yDixlrBuIjwvQobsm6HZqUCPNgq5DQmg/CqQkj RZnaKIfzUvdwW7oVW7NORbJUoRTj6IoYLd8ETgaHlSErvCEONENRQGUAKWRk9dFO XyWsLpphXkxqvzjpIv+T8UYnZkV5+BK2Zn2rN8KcQMcGLQw3GK1D3VNzip+ucz3x OyEGveM5uHOL9LubBGGmq8TqshUxvrZDYRkyhLqTwZ7+S4WBuED/aFolCcnQiXEE z/o92KPDScFGoLm/HhYUT0KpeoiD91UZl8geTvepJ/Vx86j/Izb0Kw+RbVBRPSt2 GFX2Y3jdMeMXLj+LARJt2U8IKupovm2TzKmPw5WURblv5n8KhTrloUQeQja+Yav7 dEqYV8Wwmqo8XQt+UsSJ03kVeBzTWOGH4KfZKK4JHBfubPSW7/ALz23qNKRfqJDT ySjWU2wJO5RuhlFC/bHv2EeOeALW3SkGfKAJlP/ZXLuNJqsjN4jSVJTdMKK+v7fo sGQrV3nInXDXlxZQLhO40FJ6WPLyx+fHi5I4vj39VBNlpTQJXuc=
    =Sira
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)