Fedora 7 Critical Security Advisory: python-paramiko RandomPool Fix

Paramiko (a combination of the esperanto words for "paranoid" and "friend") is

a module for python 2.3 or greater that implements the SSH2 protocol for secure

(encrypted and authenticated) connections to remote machines. Unlike SSL (aka

TLS), the SSH2 protocol does not require heirarchical certificates signed by a

powerful central authority. You may know SSH2 as the protocol that replaced

telnet and rsh for secure access to remote shells, but the protocol also

includes the ability to open arbitrary channels to remote services across an

encrypted tunnel. (This is how sftp works, for example.)

Apply patch to fix recently discovered security problem.

* Mon Jan 14 2008 Jeffrey C. Ollie - 1.7.1-3

- Update to latest Python packaging guidelines.

- Apply patch that fixes insecure use of RandomPool.

* Thu Jul 19 2007 Jeffrey C. Ollie - 1.7.1-2

- Bump rev

* Thu Jul 19 2007 Jeffrey C. Ollie - 1.7.1-1

- Update to 1.7.1

[ 1 ] Bug #428728 - Paramiko insecure use of RandomPool [Fedora 7]

https://bugzilla.redhat.com/show_bug.cgi?id=428728

[ 2 ] Bug #428727 - Paramiko insecure use of RandomPool

https://bugzilla.redhat.com/show_bug.cgi?id=428727

e1d662021dcbd21e4afd1786b54b6cb7c72823a9 python-paramiko-1.7.1-3.fc7.noarch.rpm

50b837bf5a4f43d8770e44fd435cf2a12c085804 python-paramiko-1.7.1-3.fc7.src.rpm

This update can be installed with the "yum" update program. Use

su -c 'yum update python-paramiko'

at the command line. For more information, refer to "Managing Software

with yum", available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/