Univention Bugzilla – Bug 48071
paramiko: Multiple issues (4.2)
Last modified: 2018-11-01 13:56:55 CET
New Debian paramiko 1.15.1-1+deb8u1 fixes:

This update addresses the following issues:
* Authentication bypass in transport.py (CVE-2018-7750)
* Authentication bypass in auth_handler.py (CVE-2018-1000805)
--- mirror/ftp/4.2/unmaintained/4.2-0/source/paramiko_1.15.1-1.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/paramiko_1.15.1-1+deb8u1.dsc @@ -1,3 +1,14 @@ +1.15.1-1+deb8u1 [Sat, 27 Oct 2018 14:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2018-1000805 + Fix to prevent malicious clients to trick the Paramiko server into + thinking an unauthenticated client is authenticated. + * CVE-2018-7750 + Fix check whether authentication is completed before processing + other requests. A customized SSH client can simply skip the + authentication step. + 1.15.1-1 [Tue, 23 Sep 2014 14:07:59 -0400] Jeremy T. Bouse <jbouse@debian.org>: * Imported Upstream version 1.15.1 <http://10.200.17.11/4.2-5/#2762915385810191248>
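Review bot: In the added 1.15.1-1+deb8u1 changelog entry, neither CVE item cites an upstream commit, a patch file name or a Debian bug number, so the backport onto 1.15.1 cannot be checked from this record alone; please add those references to each item. Both items describe server-side behaviour ("trick the Paramiko server into thinking an unauthenticated client is authenticated" and "A customized SSH client can simply skip the authentication step"), so the erratum text should state explicitly whether only applications using Paramiko in server mode are affected. Wording nit in the CVE-2018-1000805 item: "prevent malicious clients to trick" should read "prevent malicious clients from tricking".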
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.2-5] d961914223 Bug #48071: paramiko 1.15.1-1+deb8u1
 doc/errata/staging/paramiko.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
<http://errata.software-univention.de/ucs/4.2/537.html>