Format: 1.8
Date: Tue, 29 Jan 2019 20:50:25 -0800
Source: rssh
Binary: rssh
Architecture: source amd64
Version: 2.3.4-5+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Russ Allbery <rra@debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description:
 rssh       - Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist
Closes: 919623
Changes:
 rssh (2.3.4-5+deb9u1) stretch-security; urgency=high
 .
   * Validate the allowed scp command line and only permit the flags used in
     server mode and only a single argument, to attempt to prevent use of ssh
     options to run arbitrary code on the server. This will break scp -3 to a
     system running rssh, which seems like an acceptable loss.
     (Closes: #919623, CVE-2019-1000018)
   * Tighten validation of the rsync command line to require --server be the
     first argument, which should prevent initiation of an outbound rsync
     command from the server, which in turn might allow execution of arbitrary
     code via ssh configuration similar to scp.
   * Add validation of the server command line after chroot when chroot is
     enabled. Prior to this change, dangerous argument filtering was not done
     when chroot was configured, allowing remote code execution inside the
     chroot in some configurations via the previous two bugs and via the
     mechanisms in CVE-2012-2251 and CVE-2012-2252.
   * Further document that the cvs server-side dangerous option filtering is
     probably insufficient and should not be considered secure.
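As an added illustration of the allowlist approach the first two changelog entries describe (this is example code written here, not rssh's own implementation), the following C validator accepts an scp command line only if every option is in a fixed server-mode set and exactly one path argument follows, and accepts rsync only when `--server` is the first argument. The set of server-mode scp flags (-t, -f, -r, -d, -p, -v) and the exact rule shapes are assumptions, not taken from the rssh source.

```c
#include <string.h>

/* Server-mode scp flags this validator accepts (assumed set, not rssh's). */
static const char *const scp_allowed[] = { "-t", "-f", "-r", "-d", "-p", "-v", NULL };

static int is_allowed_scp_flag(const char *arg)
{
    for (int i = 0; scp_allowed[i] != NULL; i++)
        if (strcmp(arg, scp_allowed[i]) == 0)
            return 1;
    return 0;
}

/* Returns 1 if argv (argv[0] == "scp") is an acceptable server-side
 * invocation: every option is in the allowlist (so pass-through ssh
 * options and unknown or combined flags are refused), exactly one of
 * -t/-f is present, and there is exactly one non-option argument. */
int validate_scp_argv(int argc, char *const argv[])
{
    int positional = 0, mode = 0;

    if (argc < 3 || strcmp(argv[0], "scp") != 0)
        return 0;
    for (int i = 1; i < argc; i++) {
        if (argv[i][0] == '-') {
            if (!is_allowed_scp_flag(argv[i]))
                return 0;
            if (strcmp(argv[i], "-t") == 0 || strcmp(argv[i], "-f") == 0)
                mode++;
        } else {
            positional++;   /* the single path argument */
        }
    }
    return mode == 1 && positional == 1;
}

/* Returns 1 if argv (argv[0] == "rsync") is a server-side transfer:
 * --server must be the very first argument, as the changelog requires. */
int validate_rsync_argv(int argc, char *const argv[])
{
    return argc >= 2 && strcmp(argv[0], "rsync") == 0
        && strcmp(argv[1], "--server") == 0;
}

/* Per the third changelog entry, run these checks on the final command
 * line after any chroot, not only on the pre-chroot path. */
int main(void)
{
    char *const ok[] = { "scp", "-t", "/srv/upload" };
    char *const bad[] = { "scp", "-o", "Option=value", "-t", "/srv/upload" };
    return (validate_scp_argv(3, ok) == 1 && validate_scp_argv(5, bad) == 0) ? 0 : 1;
}
```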