Описание
Security update for python-paramiko
This update for python-paramiko to version 1.18.5 fixes the following issues:
This security issue was fixed:
- CVE-2018-7750: transport.py in the SSH server implementation of Paramiko did not properly check whether authentication is completed processing other requests. A customized SSH client could have skipped the authentication step (bsc#1085276)
This non-security issue was fixed:
- Prevent connection problems with ssh servers due to no acceptable macs being available (bsc#1106148)
For additional changes please check the changelog.
Список пакетов
SUSE Linux Enterprise Module for Public Cloud 12
python-paramiko-1.18.5-2.12.1
Ссылки
- Link for SUSE-SU-2018:2777-1
- E-Mail link for SUSE-SU-2018:2777-1
- SUSE Security Ratings
- SUSE Bug 1085276
- SUSE Bug 1106148
- SUSE CVE CVE-2018-7750 page
Описание
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
Затронутые продукты
SUSE Linux Enterprise Module for Public Cloud 12:python-paramiko-1.18.5-2.12.1
Ссылки
- CVE-2018-7750
- SUSE Bug 1085276
- SUSE Bug 1111151