=========================================================================Ubuntu Security Notice USN-5351-2
March 30, 2022

paramiko vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Paramiko would allow unintended access to private key files.

Software Description:
- paramiko: Python SSH2 library

Details:

USN-5351-1 fixed a vulnerability in Paramiko. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Jan Schejbal discovered that Paramiko incorrectly handled permissions when
writing private key files. A local attacker could possibly use this issue
to gain access to private keys.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
paramiko-doc 1.16.0-1ubuntu0.2+esm2
python-paramiko 1.16.0-1ubuntu0.2+esm2
python3-paramiko 1.16.0-1ubuntu0.2+esm2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5351-2
https://ubuntu.com/security/notices/USN-5351-1
CVE-2022-24302

Ubuntu 5351-2: Paramiko vulnerability

March 30, 2022
Paramiko would allow unintended access to private key files.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: paramiko-doc 1.16.0-1ubuntu0.2+esm2 python-paramiko 1.16.0-1ubuntu0.2+esm2 python3-paramiko 1.16.0-1ubuntu0.2+esm2 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5351-2

https://ubuntu.com/security/notices/USN-5351-1

CVE-2022-24302

Severity
March 30, 2022

Package Information

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo