Univention Bugzilla – Bug 55199
paramiko: Multiple issues (5.0)
Last modified: 2022-09-13 17:50:24 CEST
New Debian paramiko 2.4.2-0.1+deb10u1 fixes:

This update addresses the following issue:
* Race condition in the write_private_key_file function (CVE-2022-24302)
--- mirror/ftp/pool/main/p/paramiko/paramiko_2.4.2-0.1.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/paramiko_2.4.2-0.1+deb10u1.dsc @@ -1,3 +1,10 @@ +2.4.2-0.1+deb10u1 [Mon, 12 Sep 2022 10:32:20 +0100] Chris Lamb <lamby@debian.org>: + + * CVE-2022-24302: Prevent a race condition between creation and subsequent + chmod in the write_private_key_file function which could have allowed + unauthorised information disclosures. + * Re-enable testsuite. + 2.4.2-0.1 [Sat, 01 Dec 2018 14:30:29 +0100] Gaudenz Steinlin <gaudenz@debian.org>: * New upstream version 2.4.2 (Closes: #892859) <http://piuparts.knut.univention.de/5.0-2/#1822466721748768193>
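Review bot: the new 2.4.2-0.1+deb10u1 changelog entry names CVE-2022-24302 and the creation-then-chmod race in write_private_key_file, but the diff shows only the changelog text, with no patch file name or upstream commit reference, so the fix itself cannot be checked from these lines. Add the name of the patch that carries the change, or a reference to the upstream commit, to the entry. The second bullet, "Re-enable testsuite", is a build change bundled into a security upload; it would help to state whether the re-enabled tests cover the permissions of a newly written key file.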
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=5.0x419>
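The changelog entry above describes a window between creating the key file and the later chmod. The following added example (not paramiko's code and not part of this bug report) shows that window and one way to close it in Python. The function names, file names and key text are constructed for illustration, and a POSIX system is assumed.

```python
import os
import stat
import tempfile


def _mode(fd):
    # Permission bits of the file behind an open descriptor.
    return stat.S_IMODE(os.fstat(fd).st_mode)


def write_key_racy(path, data):
    # Create-then-chmod pattern: open() creates the file with 0o666 & ~umask,
    # and the mode is tightened only afterwards, leaving a window in which
    # other local users may be able to open the file.
    with open(path, "w") as f:
        mode_while_writing = _mode(f.fileno())
        f.write(data)
    os.chmod(path, 0o600)
    return mode_while_writing


def write_key_safe(path, data):
    # The restrictive mode is passed to the creating open(2) call itself.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        # The mode argument is ignored if the file already existed, so
        # tighten via the descriptor before any key material is written.
        os.fchmod(f.fileno(), 0o600)
        mode_while_writing = _mode(f.fileno())
        f.write(data)
    return mode_while_writing


def demo():
    old_umask = os.umask(0o022)  # a common default umask
    try:
        with tempfile.TemporaryDirectory() as d:
            racy = write_key_racy(os.path.join(d, "racy.key"), "CONSTRUCTED KEY\n")
            fresh = write_key_safe(os.path.join(d, "safe.key"), "CONSTRUCTED KEY\n")
            # Edge case: the target already exists with a loose mode.
            loose = os.path.join(d, "old.key")
            with open(loose, "w"):
                pass
            os.chmod(loose, 0o644)
            reused = write_key_safe(loose, "CONSTRUCTED KEY\n")
            return racy, fresh, reused
    finally:
        os.umask(old_umask)
```

`demo()` returns the permission bits each file had while the key text was being written: the racy variant under umask 022, the safe variant on a new file, and the safe variant on a pre-existing world-readable file.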