Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 436
Alerts This Week
Warning Icon 1 436

Debian 8: DLA-1556-1 Moderate: Paramiko Authentication Issue

debian lts
Calendar Grey October 27, 2018
Dist Debian Esm H88
Ubuntu LTS patch for paramiko addresses security flaws in verification processes involving unverified connections. Update advised.
CVE-2018-1000805 Fix to prevent malicious clients to trick the Paramiko server into thinking an unauthenticated client is authenticated

Summary

CVE-2018-7750
Fix check whether authentication is completed before processing
other requests. A customized SSH client can simply skip the
authentication step.


For Debian 8 "Jessie", these problems have been fixed in version
1.15.1-1+deb8u1.

We recommend that you upgrade your paramiko packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Package: paramiko
Version: 1.15.1-1+deb8u1
CVE ID: CVE-2018-7750 CVE-2018-1000805

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.