rssh 2.3.4-4+deb8u1build0.14.04.1 source package in Ubuntu
Changelog
rssh (2.3.4-4+deb8u1build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian rssh (2.3.4-4+deb8u1) jessie-security; urgency=high * Non-maintainer upload by the LTS team. * Backport security fixes prepared by Debian's maintainer of rssh. * Validate the allowed scp command line and only permit the flags used in server mode and only a single argument, to attempt to prevent use of ssh options to run arbitrary code on the server. This will break scp -3 to a system running rssh, which seems like an acceptable loss. (CVE-2019-1000018) * Tighten validation of the rsync command line to require --server be the first argument, which should prevent initiation of an outbound rsync command from the server, which in turn might allow execution of arbitrary code via ssh configuration similar to scp. * Add validation of the server command line after chroot when chroot is enabled. Prior to this change, dangerous argument filtering was not done when chroot was configured, allowing remote code execution inside the chroot in some configurations via the previous two bugs and via the mechanisms in CVE-2012-2251 and CVE-2012-2252. * Document that the cvs server-side dangerous option filtering is probably insufficient and should not be considered secure. -- Mike Salvatore <email address hidden> Tue, 05 Feb 2019 15:05:31 -0500
Upload details
- Uploaded by:
- Mike Salvatore
- Uploaded to:
- Trusty
- Original maintainer:
- Russ Allbery
- Architectures:
- any
- Section:
- net
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
rssh_2.3.4.orig.tar.gz | 110.7 KiB | f30c6a760918a0ed39cf9e49a49a76cb309d7ef1c25a66e77a41e2b1d0b40cd9 |
rssh_2.3.4-4+deb8u1build0.14.04.1.debian.tar.xz | 28.1 KiB | 52c7b6b4bfc2c673625714077e846d0a067c1c7183ddfd601824ad2a7a8b7dce |
rssh_2.3.4-4+deb8u1build0.14.04.1.dsc | 1.8 KiB | 8c0628839a4c841c46110a68a732a2da1c778e74e0b1f0c332dcf754737cf7d0 |
Available diffs
Binary packages built by this source
- rssh: Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist
rssh is a restricted shell, used as a login shell, that allows users to
perform only scp, sftp, cvs, svnserve (Subversion), rdist, and/or rsync
operations. It can also optionally chroot user logins into a restricted
jail.
- rssh-dbgsym: debug symbols for package rssh
rssh is a restricted shell, used as a login shell, that allows users to
perform only scp, sftp, cvs, svnserve (Subversion), rdist, and/or rsync
operations. It can also optionally chroot user logins into a restricted
jail.