=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata37.html,v retrieving revision 1.67 retrieving revision 1.68 diff -u -r1.67 -r1.68 --- www/errata37.html 2019/05/27 22:55:19 1.67 +++ www/errata37.html 2019/05/28 16:32:42 1.68 @@ -85,78 +85,77 @@
-
-
sudo ALL
privileges to
+another user.
-
-
-
@@ -170,77 +169,78 @@ A source code patch exists which remedies this problem.
-
-
-
-
sudo ALL
privileges to
-another user.
+Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the
+system(3)
+function in
+scp(1)
+when performing copy operations using filenames that are supplied by the user from the command line.
+This can be exploited to execute shell commands with privileges of the user running
+scp(1).
-
-