Ubuntu Security Notice 3946-1 - It was discovered that rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user could bypass rssh's command restrictions, allowing an attacker to run arbitrary commands.
b3912f7c3ac4d52ac8b9e4852a3b76a0715abb7ec40879e56706a9a715489272
Debian Linux Security Advisory 4377-3 - The restrictions introduced in the security fix to address CVE-2019-1000018 also disallowed the -pf and -pt options which are used by the scp support in libssh2. This update restores support for those.
c1086ef619d30d33c973554f8c81008469bc8fd1c9b5a060a0f84560ad6b93ad
Debian Linux Security Advisory 4377-1 - The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of arbitrary shell commands.
94d852fddd0d7de255869f71aa353a2bf3c2963c61f4197cc965bee4345d3540