rssh update
Brought to you by:
xystrus
From: richard l. <mai...@lu...> - 2006-07-18 10:31:54
|
Hello list, On Bugtraq I saw this Debian update for rssh, but on the homepage I can't find anything. It says that "Russ Albery" found a bug in rssh, but according to the rssh homepage the last bugfix was from january 6 2006 and was discovered by Max Vozeler. Is the pizzashack.org website up2date? R. ############################################################ Package : rssh Vulnerability : programming error Problem-Type : remote Debian-specific: no CVE ID : CVE-2006-1320 Debian Bug : 346322 Russ Allbery discovered that rssh, a restricted shell, performs insufficient checking of incoming commands, which might lead to a bypass of access restrictions. For the stable distribution (sarge) this problem has been fixed in version 2.2.3-1.sarge.2. For the unstable distribution (sid) this problem has been fixed in version 2.3.0-1.1. We recommend that you upgrade your rssh package. ############################################################ -- ___________________________________________________________________ It is better to remain silent and be thought a fool, than to speak aloud and remove all doubt. +------------------------------------------------------------------+ | Richard Lucassen, Utrecht | | Public key and email address: | | http://www.lucassen.org/mail-pubkey.html | +------------------------------------------------------------------+ |