Lucene search

DebianDEBIAN:DLA-2959-1:51BD9

HistoryMar 21, 2022 - 11:38 a.m.

[SECURITY] [DLA 2959-1] paramiko security update

2022-03-2111:38:47

lists.debian.org

paramiko

ssh algorithm

information disclosure

debian 9

stretch

security update

cve-2022-24302

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Debian LTS Advisory DLA-2959-1 [email protected]
https://www.debian.org/lts/security/ Chris Lamb
March 21, 2022 https://wiki.debian.org/LTS

Package : paramiko
Version : 2.0.0-1+deb9u2
CVE ID : CVE-2022-24302
Debian Bug : #1008012

It was discovered that there was a potential race condition in
Paramiko, a pure-Python implementation of the SSH algorithm. In
particular, unauthorised information disclosure could have occurred
during the creation of SSH private keys.

For Debian 9 "Stretch", this problem has been fixed in version
2.0.0-1+deb9u2.

We recommend that you upgrade your paramiko packages.

For the detailed security status of paramiko please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/paramiko

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10allparamiko-doc< 2.4.2-0.1+deb10u1paramiko-doc_2.4.2-0.1+deb10u1_all.deb
Debian9allpython3-paramiko< 2.0.0-1+deb9u2python3-paramiko_2.0.0-1+deb9u2_all.deb
Debian10allpython-paramiko< 2.4.2-0.1+deb10u1python-paramiko_2.4.2-0.1+deb10u1_all.deb
Debian10allpython3-paramiko< 2.4.2-0.1+deb10u1python3-paramiko_2.4.2-0.1+deb10u1_all.deb
Debian9allpython-paramiko< 2.0.0-1+deb9u2python-paramiko_2.0.0-1+deb9u2_all.deb
Debian10allparamiko< 2.4.2-0.1+deb10u1paramiko_2.4.2-0.1+deb10u1_all.deb
Debian9allparamiko-doc< 2.0.0-1+deb9u2paramiko-doc_2.0.0-1+deb9u2_all.deb
Debian9allparamiko< 2.0.0-1+deb9u2paramiko_2.0.0-1+deb9u2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	all	paramiko-doc	< 2.4.2-0.1+deb10u1	paramiko-doc_2.4.2-0.1+deb10u1_all.deb
Debian	9	all	python3-paramiko	< 2.0.0-1+deb9u2	python3-paramiko_2.0.0-1+deb9u2_all.deb
Debian	10	all	python-paramiko	< 2.4.2-0.1+deb10u1	python-paramiko_2.4.2-0.1+deb10u1_all.deb
Debian	10	all	python3-paramiko	< 2.4.2-0.1+deb10u1	python3-paramiko_2.4.2-0.1+deb10u1_all.deb
Debian	9	all	python-paramiko	< 2.0.0-1+deb9u2	python-paramiko_2.0.0-1+deb9u2_all.deb
Debian	10	all	paramiko	< 2.4.2-0.1+deb10u1	paramiko_2.4.2-0.1+deb10u1_all.deb
Debian	9	all	paramiko-doc	< 2.0.0-1+deb9u2	paramiko-doc_2.0.0-1+deb9u2_all.deb
Debian	9	all	paramiko	< 2.0.0-1+deb9u2	paramiko_2.0.0-1+deb9u2_all.deb