UbuntuUpdates.org

Package "paramiko"

Name: paramiko

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Make ssh v2 connections with Python (Documentation)
  • Make ssh v2 connections (Python 3)

Latest version: 2.6.0-2ubuntu0.3
Release: focal (20.04)
Level: security
Repository: main

Other versions of "paramiko" in Focal

Repository Area Version
base main 2.6.0-2
updates main 2.6.0-2ubuntu0.3

Changelog

Version: 2.6.0-2ubuntu0.3 2024-01-25 14:10:07 UTC

  paramiko (2.6.0-2ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: Prefix truncation attack on BPP
    - debian/patches/CVE-2023-48795-*.patch: implement strict key
      exchange.
    - debian/patches/fix_test_on_armhf.patch: fix test failing on armhf.
    - debian/patches/disable_flaky_test.patch: disable flaky
      test_sequence_numbers_reset_on_newkeys_when_strict test.
    - CVE-2023-48795
  * Enable test suite
    - debian/rules: re-enable tests.
    - debian/control: added python3-mock and python3-pytest to B-D.

 -- Marc Deslauriers <email address hidden> Fri, 12 Jan 2024 07:30:05 -0500

CVE-2023-48795 The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integri

Version: 2.6.0-2ubuntu0.1 2022-03-28 19:06:26 UTC

  paramiko (2.6.0-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: race condition in write_private_key_file
    - debian/patches/CVE-2022-24302.patch: create file with proper
      permissions in paramiko/pkey.py, tests/test_pkey.py.
    - CVE-2022-24302

 -- Marc Deslauriers <email address hidden> Thu, 24 Mar 2022 09:25:44 -0400

CVE-2022-24302 In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information


