You are here
Home > Preporuke > Sigurnosni nedostatak programske biblioteke paramiko

Sigurnosni nedostatak programske biblioteke paramiko

==========================================================================
Ubuntu Security Notice USN-3796-1
October 17, 2018

paramiko vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Paramiko could allow unintended access to network services.

Software Description:
– paramiko: Python SSH2 library

Details:

Daniel Hoffman discovered that Paramiko incorrectly handled authentication
when being used as a server. A remote attacker could use this issue to
bypass authentication without any credentials.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
python-paramiko 2.0.0-1ubuntu1.1
python3-paramiko 2.0.0-1ubuntu1.1

Ubuntu 16.04 LTS:
python-paramiko 1.16.0-1ubuntu0.2
python3-paramiko 1.16.0-1ubuntu0.2

Ubuntu 14.04 LTS:
python-paramiko 1.10.1-1git1ubuntu0.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3796-1
CVE-2018-1000805

Package Information:
https://launchpad.net/ubuntu/+source/paramiko/2.0.0-1ubuntu1.1
https://launchpad.net/ubuntu/+source/paramiko/1.16.0-1ubuntu0.2
https://launchpad.net/ubuntu/+source/paramiko/1.10.1-1git1ubuntu0.2

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlvHQpcACgkQZWnYVadE
vpMH5xAAkg0mihneHeodk1eKC73Nm0Qz1TpZwf5xRw1Ixx+PB2miGkUiyjfEznNq
0h5ceB/wIpd4VvOBUlK+oR95w97/2nBq2yuSVxSb1u4BwkE+wIXvbnMEwqwvW41C
McTbOrIMqdNdSO5mzROzq4PA2LyaWEWwkMbGZ9RkHM+64rr58OwACwx0GeFLXcQT
I8vxDbUrfdcJvI6jZmKzOcQzrs6ZP5PAEqQ6o7WBkmOA2bfh/SIDUY1eqEDc+qap
JkqgQJoWhfxxAbrZ7mKVxRgM9+CSMFeC+s37910qpQux2M72RlIh3HRFY+9HFzdz
m9RMJujZ6Jg/XT0C6EKq/fyIO7C8XKZQPdVfC54jrS7ucGF4mfRXuMsYTV0i+WXU
VEicejVnr8Gk55OXEwuQ0xeBWWzcJOWxZcdwfeG1cLqq78EQp/GIQkpxzanKkes3
WL/CQu96lFQFPjt6QJ2cbKDbWvGEQJEHYTwJzzNJfyaZ6pCLYgMCW04njnPEZStx
ZABjIj0uEOfwsY1elGPZ0thSdZgLcJSj12nDBTZj6/Wnh5rMCd6onijBHhrFQQuc
2oxs7f+wZICXJ1w8Vu79CC61JyGWYFmOyrNwJaPrHK2KJCw069TgxEGpVOJsjPUW
ZX070+l9Do/JFyxME03rkVdYfJWLab+ZuEhQrtcs3xKNB5jDbvs=
=R5+W
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3796-2
October 17, 2018

paramiko vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Paramiko could allow unintended access to network services.

Software Description:
– paramiko: Python SSH2 library

Details:

USN-3796-1 fixed a vulnerability in paramiko. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Daniel Hoffman discovered that Paramiko incorrectly handled
 authentication when being used as a server. A remote attacker could
 use this issue to bypass authentication without any credentials.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  python-paramiko                 1.7.7.1-2ubuntu1.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://usn.ubuntu.com/usn/usn-3796-2
  https://usn.ubuntu.com/usn/usn-3796-1
  CVE-2018-1000805—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJbx4bpAAoJEEW851uECx9pNRIP/i5m5boB5++SRMaSUxp0qWbK
nBjOhO68AgOSmM65nrU2YK2ctIvO5hVqGjwAswPkxn+gkoOlTVU2+N+xWMm9sqUv
Al511BLJJBxJUdS02jfok5M9orO1IdrWxweyLYHf78Lm7w99nAjdWUrua5G4oZTH
8CBJPYtikZKI6uDYBkSn1YbZ3FJMoY0r1EDKYOXV2ngbRe8/qZSPPmrl3j8AZURF
d06zjy6AT9rCgXZD93lAXwtRRk/f1rbVK7szos04aFHYV2zzT0kX6lfvtw3T6GP5
A07QS9Aqzq41DxkgO2jSgOBrhAO+dvXtO7uvcNQKV/XWYE9IVhEBc779QeMt/FO/
uWmkuviGZgu8Dgp6qLMqOYOyR+Pl3vhx8I2sGyZvkeBU/ujw6FwAvPQjnAK68vSE
UA5jeSB18O32d0GOGSqqX94kNeyMZTGrm5PqOvSHOnMvNoFw3J+OQgmvfsIAJQBu
p/147o6io9a1VhnvfA9wo5+bMDAbDNLdmiPUsv/+T5Rz4NPKZXtdm34EAevsHwwO
rEgrxWyhv41Or/azAkivGWvLXaCxhrnHRlEireyTzM2ClXFbm36xjXkFqTXqQwcL
eOSfQFfjHml0sxJ7zW5bzS2x1imjgk+3uNNBHyMm511B80CytUDGuVlAqiFzH6qA
OZDQHn/NE6di/RH2QJj8
=rKHi
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libssh

Otkriven je sigurnosni nedostatak programske biblioteke libssh za operacijski sustav Debian. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje sigurnosnih ograničenja. Savjetuje...

Close