-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3104-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb September 12, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : paramiko Version : 2.4.2-0.1+deb10u1 CVE ID : CVE-2022-24302 Debian Bug : #1008012 It was discovered that there was a potential race condition in Paramiko, a pure-Python implementation of the SSH algorithm. In particular, unauthorised information disclosure could have occurred during the creation of SSH private keys. For Debian 10 buster, this problem has been fixed in version 2.4.2-0.1+deb10u1. We recommend that you upgrade your paramiko packages. For the detailed security status of paramiko please refer to its security tracker page at: https://security-tracker.debian.org/tracker/paramiko Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmMfAkEACgkQHpU+J9Qx HljMKg//ceJZVramIjIoFAP1DhQQcpm46/rncJ6f5IZNE45uxgK8BAf1ykyzRa8j ufLLOSaimjMQ9W0r8NUp3D05BKL2x4ekg0nxluP00CHUqDfzAmti+akQQD0Ddnxw 1eFIpoU5eARge0VyeP1V2y9Sj7dHDTNmKv+QNiUmQx5JR4heXJXPBRmtEgBOLaX6 YB1Io27r3w4oFijd46f4lgDihJJsQVNL2tNlwZQEVqzPm/YoTqPM+MB+o/zKTpUp fdhLGL01lc0JvH983Hx/KD46U3SReScbQttzHvAWJ7zqUwxejer/De1lyiR3LmKf cSmPs9a8su2onwyIZ5RD9t/QotS7JBHrOnAHpkMqtmj/S75vxnyZ5X+psMJAs6so /8QaDu26mjFH8PLhj1Kqmrhx0snY1l+XIfleWS+Pql4KNzVchMKnXMKpy4vVBOuG x1WdjYLIaaWMNalsp4C0degT6cEQqdCelbh1tj3xIPrDEawZRdsGI6BEBizqJJmh dyG4KfV7eMpmpHBDRM/ToFHA726SzRFSx5xBORjLogyfgoK0AmU6f/cX0WwdhFn8 7HYPoJtNQJV2M7vUP6Lq48likaAKXpzBqYw45UQJp31EbXu03o5yC3ZxrFlr9fit J5KfhgwVGnZIgoFT8KJTScW7UAkMP8R3Y+18Qq1f0aOZChLqg3E= =zZYw -----END PGP SIGNATURE-----