Package: rssh Version: 2.2.3-1 Severity: grave Tags: security >From the rssh website, http://www.pizzashack.org/rssh/
Important Security Notice: Max Vozeler has reported a problem whereby rssh can allow users who have shell access to systems where rssh is installed (and rssh_chroot_helper is installed SUID) to gain root access to the system, due to the ability to chroot to arbitrary locations. There are a lot of potentially mitigating factors, but to be safe you should upgrade immediately. This bug affects all versions of rssh from v2.0.0 to v2.2.3, so please upgrade now! I believe this affects the Debian package, since I could not find any documentation on this issue being fixed in the current stable verion. A new version, 2.3.0 is available upstream to fix this issue. I believe it will also fix bug #339531. -- Mikko Hänninen <[EMAIL PROTECTED]> ***** Printed with 100% recycled electrons. ***** -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
