openSUSE-SU-2018:0799-1

Опубликовано: 23 мар. 2018

Источник: suse-cvrf

Описание

Security update for python-paramiko

This update for python-paramiko fixes the following issues:

CVE-2018-7750: Fixed transport.py in the SSH server implementation of Paramiko that does not properly check whether authentication is completed before processing other requests (bsc#1085276).

Список пакетов

openSUSE Leap 42.3

python-paramiko-2.0.8-4.3.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00057.html
E-Mail link for openSUSE-SU-2018:0799-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

Затронутые продукты

openSUSE Leap 42.3:python-paramiko-2.0.8-4.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-7750.html
CVE-2018-7750
https://bugzilla.suse.com/1085276
SUSE Bug 1085276
https://bugzilla.suse.com/1111151
SUSE Bug 1111151

openSUSE-SU-2018:0799-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2018-7750

Описание

Затронутые продукты

Ссылки