[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2822-1] netkit-rsh security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2822-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
November 19, 2021                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : netkit-rsh
Version        : 0.17-17+deb9u1
CVE ID         : CVE-2019-7282 CVE-2019-7283
Two issues have been found in netkit-rsh, client and server programs for remote shell connections. Due to insufficient input validation in path names sent by server, a malicious server can do arbitrary file overwrites in the target directory or modify permissions of the target directory. 


For Debian 9 stretch, these problems have been fixed in version
0.17-17+deb9u1.

We recommend that you upgrade your netkit-rsh packages.

For the detailed security status of netkit-rsh please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/netkit-rsh

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmGW3KRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdjPQ/+Mr8UhEid8T8Frfvt6TmiaWSz8WEnb/XGD2MTMq74moUVuvv1AHxwe554
z8EFaapeppIpyP3be4c6ee6TLqnATb+EqPPqtrbPkdB+M7r2dBqRIFNUo9hX6UGy
1Wxs4aWkkqCdNv2gTyMYZohJjtufSV92pQ5AorzVYkl27gviMYDXmoWSPE7OS1C1
d9aQJk096GGJoaR2IQGOS9D8Y5N64Z4vMk9p/DUiZm2I1aqLdhpvC2fFvFf7EdDf
WbmqY7aIVYaoiEQY3YAbylH7tZVIH7MRGuAeBe/RpZ2AsDVO0DhPWOnlED0T7B1K
xEAr1MxVBeHwQ7IeGVa++8t9mNlei7QGUPBYMMoJY4OKSphxgX3GXnxDHUkLgeEv
ZPZtOCDkvde6lMbfgA4l9Lzs0j/f02RWH0svLRHIlBSVIMeJv4jGA5GOqfg8Z7ua
m8D48gVeFYRT3VyhSvVZ933V4f1nznB5oSBJZa0/RyccbN0Ep5mVbmWQimTdpq0H
/+nFSKJ7gweDiZYvf9YiqWecvL1lxUmf0fYmYdkOqSb/ps3MxujTiaxJkWvKiC+h
n8sGQW8jnxvDA6PHjSmTB8fwv5JNN6F2Eq0FgjPzi9FErlGhx2rOb0rFmvuEt3Yg
FP1be5GPOYk4wnzmc6SysKJ1SqtNdTCM8Ev2Z0nqt+TrNsRWfAQ=
=5Zhn
-----END PGP SIGNATURE-----
Reply to: