CVE-2022-24302: Creation of new private key files using
~paramiko.pkey.PKey subclasses was subject to a race condition between file creation and mode modification, which could be exploited by an attacker with knowledge of where the Paramiko-using code would write out such files; this has been patched by using
os.fdopen to ensure new files are opened with the correct mode immediately (we've left the subsequent explicit 'chmod' in place to minimize any possible disruption, though it may get removed in future backwards-incompatible updates).
sudo dnf upgrade --advisory=FEDORA-2022-bb5c461682
Please login to add feedback.