UbuntuUpdates.org

Package "paramiko-doc"

Name: paramiko-doc

Description:

Make ssh v2 connections with Python (Documentation)

Latest version: 2.6.0-2ubuntu0.3
Release: focal (20.04)
Level: updates
Repository: main
Head package: paramiko
Homepage: https://github.com/paramiko/paramiko/

Links


Download "paramiko-doc"


Other versions of "paramiko-doc" in Focal

Repository Area Version
base main 2.6.0-2
security main 2.6.0-2ubuntu0.3

Changelog

Version: 2.6.0-2ubuntu0.3 2024-01-25 15:11:50 UTC

  paramiko (2.6.0-2ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: Prefix truncation attack on BPP
    - debian/patches/CVE-2023-48795-*.patch: implement strict key
      exchange.
    - debian/patches/fix_test_on_armhf.patch: fix test failing on armhf.
    - debian/patches/disable_flaky_test.patch: disable flaky
      test_sequence_numbers_reset_on_newkeys_when_strict test.
    - CVE-2023-48795
  * Enable test suite
    - debian/rules: re-enable tests.
    - debian/control: added python3-mock and python3-pytest to B-D.

 -- Marc Deslauriers <email address hidden> Fri, 12 Jan 2024 07:30:05 -0500

Source diff to previous version
CVE-2023-48795 The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integri

Version: 2.6.0-2ubuntu0.1 2022-03-28 19:06:27 UTC

  paramiko (2.6.0-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: race condition in write_private_key_file
    - debian/patches/CVE-2022-24302.patch: create file with proper
      permissions in paramiko/pkey.py, tests/test_pkey.py.
    - CVE-2022-24302

 -- Marc Deslauriers <email address hidden> Thu, 24 Mar 2022 09:25:44 -0400

CVE-2022-24302 In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information



About   -   Send Feedback to @ubuntu_updates