CVE-2022-24302: Creation of new private key files using paramiko.pkey.PKey subclasses was subject to a race condition between file creation and mode modification, which could be exploited by an attacker with knowledge of where the Paramiko-using code would write out such files; this has been patched by using os.open and os.fdopen to ensure new files are opened with the correct mode immediately (we've left the subsequent explicit 'chmod' in place to minimize any possible disruption, though it may get removed in future backwards-incompatible updates).
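The difference between the two file-creation patterns described above can be measured on a POSIX system. The following is an added example, not Paramiko's code or part of this advisory; the function names, the sample data and the umask of 022 are assumptions made for the illustration.

```python
import os
import stat
import tempfile

KEY_MODE = 0o600  # owner read/write only
# Constructed sample data, not a real key.
SAMPLE_KEY = "-----BEGIN CONSTRUCTED SAMPLE KEY-----\nnot-a-real-key\n"

def mode_of(path):
    """Return the permission bits currently set on path."""
    return stat.S_IMODE(os.stat(path).st_mode)

def write_key_racy(path, data):
    """Create with the default mode, tighten afterwards (the racy pattern)."""
    with open(path, "w") as f:  # created as 0o666 & ~umask
        f.write(data)
        f.flush()
        window_mode = mode_of(path)  # mode in effect before chmod runs
    os.chmod(path, KEY_MODE)
    return window_mode

def write_key_with_mode(path, data):
    """Create the file with KEY_MODE in the same call that creates it."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
    fd = os.open(path, flags, KEY_MODE)
    with os.fdopen(fd, "w") as f:
        f.write(data)
        f.flush()
        window_mode = mode_of(path)
    # The mode argument only applies when os.open creates the file; an
    # existing file keeps its old mode, which the explicit chmod corrects.
    os.chmod(path, KEY_MODE)
    return window_mode

def demo():
    """Return (racy_window_mode, fixed_window_mode) under umask 022."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            racy = write_key_racy(os.path.join(d, "racy_key"), SAMPLE_KEY)
            fixed = write_key_with_mode(os.path.join(d, "fixed_key"), SAMPLE_KEY)
            return racy, fixed
    finally:
        os.umask(old_umask)

if __name__ == "__main__":
    print([oct(m) for m in demo()])
```

To check existing code for the racy pattern, look for key files written through a plain open() call that is followed by a separate chmod.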
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2022-806492f1d1
This update has been submitted for testing by pghmcfc.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
pghmcfc edited this update.
pghmcfc edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has been submitted for testing by pghmcfc.
This update has been pushed to testing.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.