Source: paramiko
Version: 1.15.1-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/paramiko/paramiko/issues/1175

Hi,

the following vulnerability was published for paramiko.

CVE-2018-7750[0]:
| transport.py in the SSH server implementation of Paramiko before
| 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5,
| 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not
| properly check whether authentication is completed before processing
| other requests, as demonstrated by channel-open. A customized SSH
| client can simply skip the authentication step.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-7750
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7750
[1] https://github.com/paramiko/paramiko/issues/1175

Regards,
Salvatore
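
An added example, not part of the original report and not Paramiko code: a check of a version string against the fixed releases listed in the CVE text above. The names `FIXED`, `parse_version` and `is_affected`, and the handling of a Debian epoch and revision suffix, are assumptions of this example.

```python
import re

# First fixed release per branch, copied from the CVE-2018-7750 text above.
FIXED = {
    (1, 17): (1, 17, 6),
    (1, 18): (1, 18, 5),
    (2, 0): (2, 0, 8),
    (2, 1): (2, 1, 5),
    (2, 2): (2, 2, 3),
    (2, 3): (2, 3, 2),
    (2, 4): (2, 4, 1),
}


def parse_version(text):
    """Parse '1.15.1', '1.15.1-1' or '1:2.0.0-3' into a 3-tuple of ints."""
    upstream = text.strip().split(":", 1)[-1]  # drop a Debian epoch if present
    # Match only the leading numeric part, which ignores a '-1' style revision.
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", upstream)
    if not m:
        raise ValueError("unrecognised version: %r" % text)
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version_text):
    """Return True if the upstream version falls in a range the CVE lists."""
    v = parse_version(version_text)
    if v < (1, 17, 6):           # "before 1.17.6" covers every older release
        return True
    fix = FIXED.get(v[:2])
    if fix is not None:          # listed branch: compare with its fixed release
        return v < fix
    if v[:2] > max(FIXED):       # branch newer than any listed in the advisory
        return False
    raise ValueError("branch %d.%d is not covered by the advisory" % v[:2])


if __name__ == "__main__":
    # Constructed sample inputs; the first is the Version field of this report.
    for sample in ("1.15.1-1", "1.18.4", "2.0.8", "2.4.0", "2.4.1"):
        print(sample, "affected" if is_affected(sample) else "not affected")
```

The comparison uses upstream version numbers only; a distribution package can carry a backported fix under an older upstream version, so confirm against the package changelog for the CVE id.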