If the UseLogin feature is enabled in ssh local users could pass environment variables (including variables like LD_PRELOAD) to the login process. This has been fixed by not copying the environment if UseLogin is enabled. Please note that the default configuration for Debian does not have UseLogin enabled. This has been fixed in version 1:1.2.3-9.4.
Please note that the default configuration for Debian does not have UseLogin enabled.
This has been fixed in version 1:1.2.3-9.4.
MD5 checksums of the listed files are available in the original advisory.