First published: Mon Oct 22 2018(Updated: )
USN-3796-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 18.10. Original advisory details: Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/python3-paramiko | <2.4.1-0ubuntu3.1 | 2.4.1-0ubuntu3.1 |
=18.10 | ||
All of | ||
ubuntu/python-paramiko | <2.4.1-0ubuntu3.1 | 2.4.1-0ubuntu3.1 |
=18.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is USN-3796-3.
The affected software is python3-paramiko version 2.4.1-0ubuntu3.1 on Ubuntu 18.10.
An attacker can bypass authentication when Paramiko is used as a server.
You can fix this vulnerability by updating to version 2.4.1-0ubuntu3.1 of python3-paramiko.
You can find more information about this vulnerability on the Ubuntu security website.