Accepted rssh 2.3.4-5+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates



Format: 1.8
Date: Tue, 29 Jan 2019 20:50:25 -0800
Source: rssh
Binary: rssh
Architecture: source amd64
Version: 2.3.4-5+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Russ Allbery <rra@debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description:
 rssh       - Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist
Closes: 919623
Changes:
 rssh (2.3.4-5+deb9u1) stretch-security; urgency=high
 .
   * Validate the allowed scp command line and only permit the flags used
     in server mode and only a single argument, to attempt to prevent use
     of ssh options to run arbitrary code on the server.  This will break
     scp -3 to a system running rssh, which seems like an acceptable loss.
     (Closes: #919623, CVE-2019-1000018)
   * Tighten validation of the rsync command line to require --server be
     the first argument, which should prevent initiation of an outbound
     rsync command from the server, which in turn might allow execution of
     arbitrary code via ssh configuration similar to scp.
   * Add validation of the server command line after chroot when chroot is
     enabled.  Prior to this change, dangerous argument filtering was not
     done when chroot was configured, allowing remote code execution inside
     the chroot in some configurations via the previous two bugs and via
     the mechanisms in CVE-2012-2251 and CVE-2012-2252.
   * Further document that the cvs server-side dangerous option filtering
     is probably insufficient and should not be considered secure.
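An added example, not rssh's own code, of the allowlist check the first two changelog entries describe: a server-side scp command line may carry exactly one mode flag (-t or -f), the flags -r, -p, -d and -v, and exactly one non-option argument, while rsync must be started with --server as its first argument. The accepted scp flag set, the 1024-byte limit and the blank-separated parsing of the command string are assumptions made here.

```c
/* Added example, not rssh's own code: an allowlist check for the
 * server-mode scp and rsync command lines the changelog describes. */
#include <stdbool.h>
#include <string.h>

/* scp in server mode is "scp -t <target>" or "scp -f <source>", possibly
 * with -r, -p, -d or -v (assumed to be the full set needed).  Exactly one
 * mode flag and one non-option argument are allowed; any other flag, for
 * example -S or -o, which can name a program or an ssh option, is refused. */
static bool scp_server_ok(int argc, char **argv)
{
    int modes = 0, args = 0;
    for (int i = 1; i < argc; i++) {
        if (argv[i][0] != '-' || argv[i][1] == '\0') { args++; continue; }
        for (const char *p = argv[i] + 1; *p; p++) {
            if (*p == 't' || *p == 'f') modes++;
            else if (!strchr("rpdv", *p)) return false;
        }
    }
    return modes == 1 && args == 1;
}

/* rsync must run as the server side: --server as the first argument, so
 * the remote user cannot start an outbound rsync client from the server. */
static bool rsync_server_ok(int argc, char **argv)
{
    return argc >= 2 && strcmp(argv[1], "--server") == 0;
}

/* Split the command string on blanks (no quoting support; the sample
 * inputs are constructed) and dispatch on the program's basename.
 * Over-long or over-wide command lines and unknown programs are refused. */
bool command_ok(const char *cmdline)
{
    char buf[1024], *argv[64];
    int argc = 0;
    if (strlen(cmdline) >= sizeof buf) return false;
    strcpy(buf, cmdline);
    for (char *t = strtok(buf, " \t"); t; t = strtok(NULL, " \t")) {
        if (argc == (int)(sizeof argv / sizeof *argv)) return false;
        argv[argc++] = t;
    }
    if (argc == 0) return false;
    const char *prog = strrchr(argv[0], '/');
    prog = prog ? prog + 1 : argv[0];
    if (strcmp(prog, "scp") == 0) return scp_server_ok(argc, argv);
    if (strcmp(prog, "rsync") == 0) return rsync_server_ok(argc, argv);
    return false;
}
```

A restricted shell would call command_ok() on the client-requested command before exec, and with chroot enabled the call belongs after the chroot, as the third changelog entry notes.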
