-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : rssh Version : 2.3.4-4+deb8u1 CVE ID : CVE-2019-1000018 Debian Bug : 919623
The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of arbitrary shell commands. Please note that with the update applied, the "-3" option of scp can no longer be used. For Debian 8 "Jessie", this problem has been fixed in version 2.3.4-4+deb8u1. We recommend that you upgrade your rssh packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlxR/LxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeS9ghAAhk1++/F0CtSIXUjY+VSqfQlJtHYFyvhk8Hby6eM1cAcihJEXzfrHnGVG sj3MRp1evoRvGFvfurLtXl2GpfSZvTCHUe3XgoT4WJaCefcsjrZUvvujUPzpbKf5 FLsjgUnu44+1whFPdSCnyVXdGzbgtE4/6ILCu9Oo7bzIqWcdexJKAwNHwKTAJl3R gfVW05Mx92HMyq6up1c0D9tgCGet8hgJo3j8nmISFilvZefa9AKsawLMbFUq8rNQ 16u18aNhsP3fcr+WuAvbqXpXn+ssHCJcsZZKDRQ0QvRekjlbMEPKuLyZCCkmN2TU k7im1qA3zzfmw2O0US73r6Z41J1NsslM+YHSiIy+nPfPvHJHXrVXpIgssaqe3mkx 5+/tIPa4RBg6YvKyVpS5kCdu9ZjuE9C8p4zwXnHcpHNMc16iKIaSH/7t8Kxzxx0M MvFgqZJ23cGfrtbJNUsyyzRrB+s8mpYM5bE9nk0y4Z7uLtJOImnq9ZeipGjkx61s raz7lEqJrMeUtSHAn1tCC3y0CaiekC6zcAVvKaciqrPd+1l/AKDSMluRFT1m93t5 IJSz7D5gMmGnvZ0fdOMpM+ECLv8OF5TrYa2XadnvevWqes0qx3FZUblRG77Saja5 k9jdERvtFqMUVGyE67pEHXYOWl2K59EBmcJkjmnv5utQPcBD7HY= =EAcn -----END PGP SIGNATURE-----
