FEDORA-2018-6db2f7a02e created by pghmcfc 3 years ago for Fedora 27
stable

A flaw was found in the implementation of transport.py in Paramiko, which did not properly check whether authentication was completed before processing other requests. A customized SSH client could simply skip the authentication step.

This flaw is a user authentication bypass in the SSH Server functionality of Paramiko. Where Paramiko is used only for its client-side functionality (e.g. paramiko.SSHClient), the vulnerability is not exposed and thus cannot be exploited.

This update also fixes an issue where Ed25519 auth key decryption raised an unexpected exception when given a unicode password string (typical in Python 3).

How to install

sudo dnf upgrade --advisory=FEDORA-2018-6db2f7a02e

This update has been submitted for testing by pghmcfc.

3 years ago

This update has been pushed to testing.

3 years ago
User Icon filiperosset commented & provided feedback 3 years ago
karma

no regressions noted

User Icon pwalter commented & provided feedback 3 years ago
karma

Works

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

3 years ago
User Icon sassam commented & provided feedback 3 years ago
karma

Works for me.

User Icon mhayden commented & provided feedback 3 years ago
karma

Working.

This update has been submitted for batched by pghmcfc.

3 years ago

This update has been submitted for stable by bodhi.

3 years ago

This update has been pushed to stable.

3 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
4
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-1
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
BZ#1557130 CVE-2018-7750 python-paramiko: Authentication bypass in transport.py
0
0
BZ#1557131 CVE-2018-7750 python-paramiko: Authentication bypass in transport.py [fedora-all]
0
0

Automated Test Results