FEDORA-2022-bb5c461682 created by pghmcfc 2 months ago for Fedora 36
stable

CVE-2022-24302: Creation of new private key files using paramiko.pkey.PKey subclasses was subject to a race condition between file creation and mode modification, which could be exploited by an attacker with knowledge of where the Paramiko-using code would write out such files; this has been patched by using os.open and os.fdopen to ensure new files are opened with the correct mode immediately (we've left the subsequent explicit 'chmod' in place to minimize any possible disruption, though it may get removed in future backwards-incompatible updates).
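The create-then-chmod window and the os.open/os.fdopen pattern that closes it, as an added example (not Paramiko's code and not part of this advisory). The function names, the constructed key text and the umask of 022 are assumptions made for the demonstration.

```python
import os
import stat
import tempfile

PRIVATE_MODE = 0o600  # owner read/write only


def write_key_racy(path, data):
    """Pre-fix pattern: create with the default mode, then chmod.

    Returns the permission bits the file had at creation, i.e. what
    other local users could see during the window before chmod ran.
    """
    with open(path, "w") as f:
        mode_at_creation = stat.S_IMODE(os.fstat(f.fileno()).st_mode)
        os.chmod(path, PRIVATE_MODE)  # file already existed with a umask-derived mode
        f.write(data)
    return mode_at_creation


def write_key_safe(path, data):
    """Patched pattern: os.open applies the mode as part of file creation."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
    fd = os.open(path, flags, PRIVATE_MODE)
    with os.fdopen(fd, "w") as f:
        mode_at_creation = stat.S_IMODE(os.fstat(f.fileno()).st_mode)
        # The mode argument only affects newly created files, so an
        # explicit chmod still tightens a file that already existed.
        os.chmod(path, PRIVATE_MODE)
        f.write(data)
    return mode_at_creation


def demo():
    """Write one file each way under umask 022 (assumed) and compare."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            racy = write_key_racy(os.path.join(d, "racy_key"), "CONSTRUCTED KEY\n")
            safe = write_key_safe(os.path.join(d, "safe_key"), "CONSTRUCTED KEY\n")
    finally:
        os.umask(old_umask)
    return racy, safe


if __name__ == "__main__":
    racy, safe = demo()
    print(f"mode at creation: racy={racy:o} safe={safe:o}")
```
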

How to install

sudo dnf upgrade --advisory=FEDORA-2022-bb5c461682

This update has been submitted for testing by pghmcfc.

2 months ago

This update's test gating status has been changed to 'ignored'.

2 months ago

This update has been pushed to testing.

2 months ago

pghmcfc edited this update.

New build(s):

  • python-paramiko-2.10.2-1.fc36

Removed build(s):

  • python-paramiko-2.10.1-1.fc36

Karma has been reset.

2 months ago

This update has been submitted for testing by pghmcfc.

2 months ago

This update has been pushed to testing.

2 months ago

pghmcfc edited this update.

2 months ago

This update has been submitted for stable by bodhi.

2 months ago

pghmcfc edited this update.

New build(s):

  • python-paramiko-2.10.3-1.fc36

Removed build(s):

  • python-paramiko-2.10.2-1.fc36

Karma has been reset.

2 months ago

This update has been submitted for testing by pghmcfc.

2 months ago

This update has been pushed to testing.

2 months ago

This update has been submitted for stable by bodhi.

2 months ago

This update has been pushed to stable.

2 months ago

Metadata

  • Type: security
  • Severity: medium
  • Karma: 0
  • Signed
  • Content Type: RPM
  • Test Gating

Settings

  • Unstable by Karma: -1
  • Stable by Karma: 3
  • Stable by Time: 3 days

Dates

  • submitted: 2 months ago
  • in testing: 2 months ago
  • in stable: 2 months ago
  • modified: 2 months ago

BZ#2063488 python-paramiko-2.10.1 is available
BZ#2064270 python-paramiko-2.10.2 is available
BZ#2065665 CVE-2022-24302 python-paramiko: Race condition in the write_private_key_file function
BZ#2065666 CVE-2022-24302 python-paramiko: Race condition in the write_private_key_file function [fedora-all]
BZ#2065882 python-paramiko-2.10.3 is available
