From https://secunia.com/advisories/51343/ :
A vulnerability has been reported in rssh, which can be exploited by malicious, local users to
bypass certain security restrictions.
The vulnerability is caused due to an error when validating the "--rsh" command line option and can
be exploited to bypass the allowed commands filter checks resulting in reduced shell restrictions.
The vulnerability is reported in versions prior to 2.3.4.
Update to version 2.3.4.
The bump is on my TODO list for today
Bumped. Please proceed with the stabilization
Arches, please test and mark stable:
Target keywords : "amd64 ppc x86"
Archtested on x86: Everything OK
- Compiles with all USE-flags.
- Repoman reports no errors.
- Successfully set up a restrictive shell and verified that it worked as I intended it to.
x86 done, Thanks Dan Dexter for testing!
GLSA vote: no.
GLSA Vote: no too, closing noglsa.
Reopening as it has been added to GLSA draft
This issue was resolved and addressed in
GLSA 201311-19 at http://security.gentoo.org/glsa/glsa-201311-19.xml
by GLSA coordinator Sergey Popov (pinkbyte).