Описание
Security update for python-paramiko
This update for python-paramiko fixes the following issues:
- CVE-2018-7750: transport.py in the SSH server implementation of Paramiko did not properly check whether authentication is completed processing other requests. A customized SSH client could have skipped the authentication step (bsc#1085276)
Список пакетов
SUSE Linux Enterprise Module for Public Cloud 12
python-paramiko-1.15.2-2.9.1
Ссылки
- Link for SUSE-SU-2018:1971-1
- E-Mail link for SUSE-SU-2018:1971-1
- SUSE Security Ratings
- SUSE Bug 1085276
- SUSE CVE CVE-2018-7750 page
Описание
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
Затронутые продукты
SUSE Linux Enterprise Module for Public Cloud 12:python-paramiko-1.15.2-2.9.1
Ссылки
- CVE-2018-7750
- SUSE Bug 1085276
- SUSE Bug 1111151