rssh 2.3.4-4+deb8u1build0.14.04.1 source package in Ubuntu

Changelog

rssh (2.3.4-4+deb8u1build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

rssh (2.3.4-4+deb8u1) jessie-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Backport security fixes prepared by Debian's maintainer of rssh.
  * Validate the allowed scp command line and only permit the flags used
    in server mode and only a single argument, to attempt to prevent use
    of ssh options to run arbitrary code on the server. This will break
    scp -3 to a system running rssh, which seems like an acceptable loss.
    (CVE-2019-1000018)
  * Tighten validation of the rsync command line to require --server be
    the first argument, which should prevent initiation of an outbound
    rsync command from the server, which in turn might allow execution of
    arbitrary code via ssh configuration similar to scp.
  * Add validation of the server command line after chroot when chroot is
    enabled. Prior to this change, dangerous argument filtering was not
    done when chroot was configured, allowing remote code execution inside
    the chroot in some configurations via the previous two bugs and via
    the mechanisms in CVE-2012-2251 and CVE-2012-2252.
  * Document that the cvs server-side dangerous option filtering is
    probably insufficient and should not be considered secure.

 -- Mike Salvatore <email address hidden>  Tue, 05 Feb 2019 15:05:31 -0500

Upload details

Uploaded by: Mike Salvatore
Uploaded to: Trusty
Original maintainer: Russ Allbery
Architectures: any
Section: net
Urgency: Very Urgent

Downloads

File Size SHA-256 Checksum
rssh_2.3.4.orig.tar.gz 110.7 KiB f30c6a760918a0ed39cf9e49a49a76cb309d7ef1c25a66e77a41e2b1d0b40cd9
rssh_2.3.4-4+deb8u1build0.14.04.1.debian.tar.xz 28.1 KiB 52c7b6b4bfc2c673625714077e846d0a067c1c7183ddfd601824ad2a7a8b7dce
rssh_2.3.4-4+deb8u1build0.14.04.1.dsc 1.8 KiB 8c0628839a4c841c46110a68a732a2da1c778e74e0b1f0c332dcf754737cf7d0

Binary packages built by this source

rssh: Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist

 rssh is a restricted shell, used as a login shell, that allows users to
 perform only scp, sftp, cvs, svnserve (Subversion), rdist, and/or rsync
 operations. It can also optionally chroot user logins into a restricted
 jail.

rssh-dbgsym: debug symbols for package rssh