Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 436
Alerts This Week
Warning Icon 1 436

Ubuntu 16.04 ESM USN-5351-2 Critical: Paramiko Key Access Issue

ubuntu
Calendar Grey March 30, 2022
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-5351-2 highlights a critical vulnerability in the paramiko library used with SSH for Python, urging users to upgrade to version 2.7.2 or later for protection
Paramiko would allow unintended access to private key files.

Summary

Paramiko would allow unintended access to private key files.

Software Description:

- paramiko: Python SSH2 library

Details:

USN-5351-1 fixed a vulnerability in Paramiko. This update provides

the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Jan Schejbal discovered that Paramiko incorrectly handled permissions when

writing private key files. A local attacker could possibly use this issue

to gain access to private keys.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
paramiko-doc 1.16.0-1ubuntu0.2+esm2
python-paramiko 1.16.0-1ubuntu0.2+esm2
python3-paramiko 1.16.0-1ubuntu0.2+esm2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5351-2

https://ubuntu.com/security/notices/USN-5351-1

CVE-2022-24302

Severity
critical
Lowest
Low
Medium
High
Critical

March 30, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.