
[SECURITY] [DLA 1660-1] rssh security update

Package        : rssh
Version        : 2.3.4-4+deb8u2
CVE ID         : CVE-2019-3463 CVE-2019-3464

More vulnerabilities were found by Nick Cleaton in the rssh code that
could lead to arbitrary code execution under certain circumstances.


    reject rsync --daemon and --config command-line options; arbitrary
    command execution


    prevent popt from loading a ~/.popt configuration file, leading to
    arbitrary command execution

For Debian 8 "Jessie", these problems have been fixed in version

We recommend that you upgrade your rssh packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
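
The following audit helper is an added example, not part of the advisory or of rssh: it lists accounts whose login shell is rssh and whose home directory already contains a .popt file, the file named in the second issue above. It assumes passwd(5)-format input and that rssh is installed at /usr/bin/rssh; the function name and arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): report rssh-restricted accounts
# that have a .popt file in their home directory.
# Assumptions: input is in passwd(5) format; rssh lives at /usr/bin/rssh
# unless a different path is given as the second argument.
#
# Usage: audit_rssh_popt /etc/passwd [/path/to/rssh]
# Prints "user<TAB>path" per finding; returns 1 if any were found, else 0.
audit_rssh_popt() {
    passwd_file=$1
    rssh_path=${2:-/usr/bin/rssh}
    found=0
    # The "|| [ -n ... ]" keeps a final line without a trailing newline.
    while IFS=: read -r user _pw _uid _gid _gecos home shell || [ -n "$user" ]; do
        # Only accounts restricted to rssh are of interest here.
        [ "$shell" = "$rssh_path" ] || continue
        [ -n "$home" ] || continue
        # -e matches existing files; -L also catches a dangling symlink.
        if [ -e "$home/.popt" ] || [ -L "$home/.popt" ]; then
            printf '%s\t%s\n' "$user" "$home/.popt"
            found=1
        fi
    done < "$passwd_file"
    return "$found"
}
```

Any path it prints should be reviewed for who created it and when, in addition to upgrading the package.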

