Univention Bugzilla – Bug 54279
paramiko: Multiple issues (4.4)
Last modified: 2022-01-05 17:58:51 CET
New Debian paramiko 2.0.0-1+deb9u1 fixes:
This update addresses the following issues:
* Authentication bypass in transport.py (CVE-2018-7750)
* Authentication bypass in auth_handler.py (CVE-2018-1000805)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/paramiko_2.0.0-1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/paramiko_2.0.0-1+deb9u1.dsc @@ -1,3 +1,14 @@ +2.0.0-1+deb9u1 [Tue, 28 Dec 2021 02:09:08 +0530] Utkarsh Gupta <utkarsh@debian.org>: + + * Non-maintainer upload by the LTS Team. + * Fixes:CVE-2018-1000805; Closes: #910760. + Fix to prevent malicious clients to trick the Paramiko server into + thinking an unauthenticated client is authenticated. + * Fixes: CVE-2018-7750; Closes: #892859. + Fix check whether authentication is completed before processing + other requests. A customized SSH client can simply skip the + authentication step. + 2.0.0-1 [Wed, 08 Jun 2016 23:56:41 -0400] Jeremy T. Bouse <jbouse@debian.org>: * Imported Upstream version 2.0.0 (Closes: #826737) <http://piuparts.knut.univention.de/4.4-8/#6541131857081962618>
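Review bot: The first bullet of the new 2.0.0-1+deb9u1 entry writes "Fixes:CVE-2018-1000805" with no space after the colon, while the second bullet writes "Fixes: CVE-2018-7750"; use the same form in both so that tooling matching on "Fixes: CVE-" picks up both identifiers. The wording "to prevent malicious clients to trick the Paramiko server" would read better as "to prevent malicious clients from tricking the Paramiko server". Neither bullet names the patch file that carries its fix, so the entry alone does not let a reader map each CVE to a change in transport.py or auth_handler.py; adding the patch names to the two bullets would make the errata easier to audit.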
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x1140>