stable

python-paramiko-2.1.1-0.4.el7

FEDORA-EPEL-2018-86171fce03 created by pghmcfc 5 years ago for Fedora EPEL 7

A flaw was found in the implementation of transport.py in Paramiko, which did not properly check whether authentication was completed before processing other requests. A customized SSH client could simply skip the authentication step.

This flaw is a user authentication bypass in the SSH Server functionality of Paramiko. Where Paramiko is used only for its client-side functionality (e.g. paramiko.SSHClient), the vulnerability is not exposed and thus cannot be exploited.

This update has been submitted for testing by pghmcfc.

5 years ago

This update has been pushed to testing.

5 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

5 years ago

This update has been submitted for batched by pghmcfc.

5 years ago

This update has been submitted for stable by bodhi.

5 years ago

This update has been pushed to stable.

5 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Builds
1
python-paramiko-2.1.1-0.4.el7
Settings
Unstable by Karma
-1
Stable by Karma
2
Stable by Time
disabled
Dates
submitted
5 years ago
in testing
5 years ago
in stable
5 years ago
BZ#1557130 CVE-2018-7750 python-paramiko: Authentication bypass in transport.py
0
0
BZ#1557132 CVE-2018-7750 python-paramiko: Authentication bypass in transport.py [epel-all]
0
0
python-paramiko-2.1.1-0.4.el7

Automated Test Results

Copyright © 2007-2023 Red Hat, Inc. and others.

Running bodhi-server 7.2.1 on bodhi-web-86-nxdz4.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy