Security update for python-paramiko SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0799-1 Final 1 1 2018-03-23T18:01:45Z current 2018-03-23T18:01:45Z 2018-03-23T18:01:45Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-paramiko This update for python-paramiko fixes the following issues: - CVE-2018-7750: Fixed transport.py in the SSH server implementation of Paramiko that does not properly check whether authentication is completed before processing other requests (bsc#1085276). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00057.html E-Mail link for openSUSE-SU-2018:0799-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 python-paramiko-2.0.8-4.3.1 python-paramiko-2.0.8-4.3.1 as a component of openSUSE Leap 42.3 transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. CVE-2018-7750 openSUSE Leap 42.3:python-paramiko-2.0.8-4.3.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00057.html https://www.suse.com/security/cve/CVE-2018-7750.html CVE-2018-7750 https://bugzilla.suse.com/1085276 SUSE Bug 1085276 https://bugzilla.suse.com/1111151 SUSE Bug 1111151