- ---------------------------------------------------------------------
Debian LTS Advisory DLA-2860-1            [email protected]
https://www.debian.org/lts/security/                    Utkarsh Gupta
December 28, 2021                         https://wiki.debian.org/LTS
- ---------------------------------------------------------------------

Package        : paramiko
Version        : 2.0.0-1+deb9u1
CVE ID         : CVE-2018-7750 CVE-2018-1000805
Debian Bug     : 892859 910760

A couple of vulnerabilities were found in paramiko, an implementation
of the SSHv2 protocol in Python.


     Fix to prevent malicious clients from tricking the Paramiko server
     into thinking an unauthenticated client is authenticated.


     Fix to check whether authentication is completed before processing
     other requests. A customized SSH client can simply skip the
     authentication step.

For Debian 9 stretch, these problems have been fixed in version

We recommend that you upgrade your paramiko packages.

For the detailed security status of paramiko please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
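
The check described in the second fix above, sketched as a toy server-side dispatcher. This is an added example, not Paramiko's code or part of the advisory; the class, the callback, the credentials and the message sequences are hypothetical, and only the message numbers (RFC 4250) are real.

```python
# Toy model of a server-side SSH packet dispatcher (not Paramiko code).
# Message numbers are the ones assigned in RFC 4250.
MSG_USERAUTH_REQUEST = 50
MSG_CHANNEL_OPEN = 90
MSG_CHANNEL_REQUEST = 98

# RFC 4250 reserves 80-127 for the connection protocol, which is only
# meaningful once user authentication has succeeded.
CONNECTION_PROTOCOL = range(80, 128)


class ToyServerTransport:
    def __init__(self, verify_credentials, enforce_auth_gate=True):
        self._verify = verify_credentials   # hypothetical credential callback
        self._enforce = enforce_auth_gate   # False models the unpatched behaviour
        self.authenticated = False
        self.handled = []                   # messages that reached a handler

    def dispatch(self, msg_type, payload=None):
        if msg_type == MSG_USERAUTH_REQUEST:
            # Only the server's own credential check may set the flag.
            user, secret = payload
            self.authenticated = bool(self._verify(user, secret))
            return "auth-ok" if self.authenticated else "auth-failed"
        if msg_type in CONNECTION_PROTOCOL:
            if self._enforce and not self.authenticated:
                return "rejected"           # the check the fix adds
            self.handled.append(msg_type)
            return "handled"
        return "ignored"


def run_session(messages, enforce_auth_gate=True):
    """Feed a constructed message sequence to a fresh server."""
    server = ToyServerTransport(
        verify_credentials=lambda u, s: (u, s) == ("alice", "correct-secret"),
        enforce_auth_gate=enforce_auth_gate,
    )
    return [server.dispatch(t, p) for t, p in messages], server.handled


# Constructed sample input: a client that never sends MSG_USERAUTH_REQUEST.
SKIPS_AUTH = [(MSG_CHANNEL_OPEN, None), (MSG_CHANNEL_REQUEST, None)]
# Constructed sample input: a client that authenticates first.
NORMAL = [(MSG_USERAUTH_REQUEST, ("alice", "correct-secret")),
          (MSG_CHANNEL_OPEN, None)]

if __name__ == "__main__":
    print(run_session(SKIPS_AUTH, enforce_auth_gate=False))
    print(run_session(SKIPS_AUTH))
    print(run_session(NORMAL))
```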