Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Ubuntu 16.04 ESM USN-5351-2 Critical: Paramiko Key Access Issue

Calendar Mar 30, 2022 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory update critical access control Ubuntu paramiko key file
Paramiko would allow unintended access to private key files. 
=========================================================================Ubuntu Security Notice USN-5351-2
March 30, 2022

paramiko vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Paramiko would allow unintended access to private key files.

Software Description:
- paramiko: Python SSH2 library

Details:

USN-5351-1 fixed a vulnerability in Paramiko. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Jan Schejbal discovered that Paramiko incorrectly handled permissions when
writing private key files. A local attacker could possibly use this issue
to gain access to private keys.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
paramiko-doc 1.16.0-1ubuntu0.2+esm2
python-paramiko 1.16.0-1ubuntu0.2+esm2
python3-paramiko 1.16.0-1ubuntu0.2+esm2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5351-2
https://ubuntu.com/security/notices/USN-5351-1
CVE-2022-24302

Ubuntu 16.04 ESM USN-5351-2 Critical: Paramiko Key Access Issue

ubuntu
Calendar Grey March 30, 2022
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-5351-2 highlights a critical vulnerability in the paramiko library used with SSH for Python, urging users to upgrade to version 2.7.2 or later for protection
Paramiko would allow unintended access to private key files.

Summary

Topics%20covered

Topics Covered

security advisory update critical access control Ubuntu paramiko key file

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: paramiko-doc 1.16.0-1ubuntu0.2+esm2 python-paramiko 1.16.0-1ubuntu0.2+esm2 python3-paramiko 1.16.0-1ubuntu0.2+esm2 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5351-2

https://ubuntu.com/security/notices/USN-5351-1

CVE-2022-24302

Severity
critical
Lowest
Low
Medium
High
Critical

March 30, 2022

Topics%20covered

Topics Covered

security advisory update critical access control Ubuntu paramiko key file

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here