2018-10-30
ALT-BU-2018-3543-3
Branch sisyphus update bulletin.
Closed bugs
Does not work with tcl/tk from the branch
Package python-module-paramiko updated to version 2.4.2-alt1 for branch sisyphus in task 215735.
Closed vulnerabilities
Published: 2019-07-30
Modified: 2023-11-21
BDU:2019-02721
Vulnerability in the Paramiko library of the Oracle Solaris, Ubuntu, Debian GNU/Linux, Red Hat Enterprise Linux and Red Hat Virtualization operating systems and of the Red Hat Ansible Tower management console, allowing an attacker to execute arbitrary code
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (9.0) Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
References:
Published: 2018-10-08
Modified: 2024-11-21
CVE-2018-1000805
Paramiko versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contain an Incorrect Access Control vulnerability in the SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- https://access.redhat.com/errata/RHBA-2018:3497
- https://access.redhat.com/errata/RHSA-2018:3347
- https://access.redhat.com/errata/RHSA-2018:3406
- https://access.redhat.com/errata/RHSA-2018:3505
- https://github.com/paramiko/paramiko/issues/1283
- https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt
- https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
- https://usn.ubuntu.com/3796-1/
- https://usn.ubuntu.com/3796-2/
- https://usn.ubuntu.com/3796-3/
Published: 2018-10-10
Modified: 2024-10-09
GHSA-f2j6-wrhh-v25m
Paramiko Authentication Bypass vulnerability
Severity: HIGH (8.7) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (8.7) Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000805
- https://github.com/paramiko/paramiko/issues/1283
- https://access.redhat.com/errata/RHBA-2018:3497
- https://access.redhat.com/errata/RHSA-2018:3347
- https://access.redhat.com/errata/RHSA-2018:3406
- https://access.redhat.com/errata/RHSA-2018:3505
- https://github.com/advisories/GHSA-f2j6-wrhh-v25m
- https://github.com/paramiko/paramiko
- https://github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2018-69.yaml
- https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt
- https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
- https://usn.ubuntu.com/3796-1
- https://usn.ubuntu.com/3796-2
- https://usn.ubuntu.com/3796-3
