USN-3946-1: rssh vulnerabilities
11 April 2019
rssh could be made to run arbitrary commands if it received specially crafted input.
- rssh - Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist
It was discovered that rssh incorrectly handled certain command-line arguments
and environment variables. An authenticated user could bypass rssh's command
restrictions, allowing an attacker to run arbitrary commands.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.