Python Paramiko versions 2.3.2 and 2.4.1 are vulnerable to an authentication bypass in
paramiko/auth_handler.py. A remote attacker could exploit this vulnerability in Paramiko SSH servers to execute arbitrary code. Note that applications using Paramiko only as a client (such as ansible) are not affected by this.
There is also an additional fix preventing
MSG_UNIMPLEMENTED feedback loops that could manifest when both ends of a connection are Paramiko-based.
sudo dnf upgrade --advisory=FEDORA-2018-3ff1cb628b
Please login to add feedback.