SUSE-SU-2019:0174-1

Опубликовано: 25 янв. 2019

Источник: suse-cvrf

Описание

Security update for python-paramiko

This update for python-paramiko to version 2.4.2 fixes the following issues:

Security issue fixed:

CVE-2018-1000805: Fixed an authentication bypass in auth_handler.py (bsc#1111151)

Non-security issue fixed:

Disable experimental gssapi support (bsc#1115769)

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15

python2-paramiko-2.4.2-3.3.2

SUSE Linux Enterprise Module for Public Cloud 15

python3-paramiko-2.4.2-3.3.2

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20190174-1/
Link for SUSE-SU-2019:0174-1
https://lists.suse.com/pipermail/sle-security-updates/2019-January/005064.html
E-Mail link for SUSE-SU-2019:0174-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1111151
SUSE Bug 1111151
https://bugzilla.suse.com/1115769
SUSE Bug 1115769
https://bugzilla.suse.com/1121846
SUSE Bug 1121846
https://www.suse.com/security/cve/CVE-2018-1000805/
SUSE CVE CVE-2018-1000805 page

Описание

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15:python2-paramiko-2.4.2-3.3.2

SUSE Linux Enterprise Module for Public Cloud 15:python3-paramiko-2.4.2-3.3.2

Ссылки

https://www.suse.com/security/cve/CVE-2018-1000805.html
CVE-2018-1000805
https://bugzilla.suse.com/1111151
SUSE Bug 1111151

SUSE-SU-2019:0174-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15

SUSE Linux Enterprise Module for Public Cloud 15

Ссылки

Уязвимость: CVE-2018-1000805

Описание

Затронутые продукты

Ссылки