python-paramiko-1.7.5-5.AXS4

Release date:

Friday, February 15, 2019 - 10:47

Subject:

Affected Channels:

Asianux Server 4 for x86_64

Asianux Server 4 for x86

Severity:

High

Description:

The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.

Security Fix(es):

* python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-1000805
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

Solution:

Update packages.

CVEs:

CVE-2018-1000805
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

Additional Info:

N/A

Download:

SRPMS

python-paramiko-1.7.5-5.AXS4.src.rpm
MD5: 76dbc2ebf997ef5ba85394abede55754
SHA-256: 8ad753116c40f318e3b60f60c4bd70f469650b9728551234b1b5d4c7d8b238b8
Size: 833.78 kB

Asianux Server 4 for x86

python-paramiko-1.7.5-5.AXS4.noarch.rpm
MD5: 63dc32aec94baebdba8ff648a948d074
SHA-256: 06344e5c8a947acceb2ce3e54637afd485efca9d40fa56e3105769a066018560
Size: 728.97 kB

Asianux Server 4 for x86_64

python-paramiko-1.7.5-5.AXS4.noarch.rpm
MD5: 3d15baf558f9fd8ece184a5d99a2536c
SHA-256: 344b40d2520df3a3ad0a73f2f4c50162810f628cb6c6e385f4e7a28cdf02eb62
Size: 728.52 kB

Main menu

You are here

python-paramiko-1.7.5-5.AXS4