========================================================================== Ubuntu Security Notice USN-6598-1 January 25, 2024
paramiko vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: A protocol flaw was fixed in Paramiko. Software Description: - paramiko: Python SSH2 library Details: Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: python3-paramiko 2.12.0-2ubuntu1.23.10.2 Ubuntu 22.04 LTS: python3-paramiko 2.9.3-0ubuntu1.2 Ubuntu 20.04 LTS: python3-paramiko 2.6.0-2ubuntu0.3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6598-1 CVE-2023-48795 Package Information: https://launchpad.net/ubuntu/+source/paramiko/2.12.0-2ubuntu1.23.10.2 https://launchpad.net/ubuntu/+source/paramiko/2.9.3-0ubuntu1.2 https://launchpad.net/ubuntu/+source/paramiko/2.6.0-2ubuntu0.3
OpenPGP_signature.asc
Description: OpenPGP digital signature
