python-paramiko-2.1.1-9.el7

エラータID: AXSA:2019-3528:01

Release date: 
Friday, February 15, 2019 - 12:19
Subject: 
python-paramiko-2.1.1-9.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.

Security Fix(es):

* python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-1000805
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6
contains a Incorrect Access Control vulnerability in SSH server that
can result in RCE. This attack appear to be exploitable via network
connectivity.

Solution: 

Update packages.

CVEs: 
CVE-2018-1000805
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
Additional Info: 

N/A

Download: 

SRPMS
  1. python-paramiko-2.1.1-9.el7.src.rpm
    MD5: 0803447313a95384477a88fc53dad489
    SHA-256: c6872184f24ce39a309c173f946eaf66f7627648472374a7d0409a85897ab312
    Size: 268.30 kB

Asianux Server 7 for x86_64
  1. python-paramiko-2.1.1-9.el7.noarch.rpm
    MD5: 919251ba5e7fb9df20163cc64d421a79
    SHA-256: 7e758535e6af5d6b90137d533fa064cb43da5147e3047a3eecd6cf91bb69c3c8
    Size: 267.66 kB