Security update for python-paramiko SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:1447-1 Final 1 1 2022-04-28T07:47:28Z current 2022-04-28T07:47:28Z 2022-04-28T07:47:28Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-paramiko This update for python-paramiko fixes the following issues: - CVE-2022-24302: Fixed a race condition between creation and chmod when writing private keys. (bsc#1197279) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP4-Azure-BYOS-2022-1447,Image SLES12-SP4-SAP-Azure-BYOS-2022-1447,Image SLES12-SP5-Azure-BYOS-2022-1447,Image SLES12-SP5-Azure-Basic-On-Demand-2022-1447,Image SLES12-SP5-Azure-HPC-BYOS-2022-1447,Image SLES12-SP5-Azure-HPC-On-Demand-2022-1447,Image SLES12-SP5-Azure-SAP-BYOS-2022-1447,Image SLES12-SP5-Azure-SAP-On-Demand-2022-1447,Image SLES12-SP5-Azure-Standard-On-Demand-2022-1447,SUSE-2022-1447,SUSE-SLE-Module-Public-Cloud-12-2022-1447 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20221447-1/ Link for SUSE-SU-2022:1447-1 https://lists.suse.com/pipermail/sle-security-updates/2022-April/010861.html E-Mail link for SUSE-SU-2022:1447-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1197279 SUSE Bug 1197279 https://www.suse.com/security/cve/CVE-2022-24302/ SUSE CVE CVE-2022-24302 page Image SLES12-SP4-Azure-BYOS Image SLES12-SP4-SAP-Azure-BYOS Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-Basic-On-Demand Image SLES12-SP5-Azure-HPC-BYOS Image SLES12-SP5-Azure-HPC-On-Demand Image SLES12-SP5-Azure-SAP-BYOS Image SLES12-SP5-Azure-SAP-On-Demand Image SLES12-SP5-Azure-Standard-On-Demand SUSE Linux Enterprise Module for Public Cloud 12 python3-paramiko-2.4.0-9.13.1 python-paramiko-2.4.0-9.13.1 python-paramiko-doc-2.4.0-9.13.1 python3-paramiko-2.4.0-9.13.1 as a component of Image SLES12-SP4-Azure-BYOS python3-paramiko-2.4.0-9.13.1 as a component of Image SLES12-SP4-SAP-Azure-BYOS python3-paramiko-2.4.0-9.13.1 as a component of Image SLES12-SP5-Azure-BYOS python3-paramiko-2.4.0-9.13.1 as a component of Image SLES12-SP5-Azure-Basic-On-Demand python3-paramiko-2.4.0-9.13.1 as a component of Image SLES12-SP5-Azure-HPC-BYOS python3-paramiko-2.4.0-9.13.1 as a component of Image SLES12-SP5-Azure-HPC-On-Demand python3-paramiko-2.4.0-9.13.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS python3-paramiko-2.4.0-9.13.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand python3-paramiko-2.4.0-9.13.1 as a component of Image SLES12-SP5-Azure-Standard-On-Demand python-paramiko-2.4.0-9.13.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12 python-paramiko-doc-2.4.0-9.13.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12 python3-paramiko-2.4.0-9.13.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12 In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. CVE-2022-24302 Image SLES12-SP4-Azure-BYOS:python3-paramiko-2.4.0-9.13.1 Image SLES12-SP4-SAP-Azure-BYOS:python3-paramiko-2.4.0-9.13.1 Image SLES12-SP5-Azure-BYOS:python3-paramiko-2.4.0-9.13.1 Image SLES12-SP5-Azure-Basic-On-Demand:python3-paramiko-2.4.0-9.13.1 Image SLES12-SP5-Azure-HPC-BYOS:python3-paramiko-2.4.0-9.13.1 Image SLES12-SP5-Azure-HPC-On-Demand:python3-paramiko-2.4.0-9.13.1 Image SLES12-SP5-Azure-SAP-BYOS:python3-paramiko-2.4.0-9.13.1 Image SLES12-SP5-Azure-SAP-On-Demand:python3-paramiko-2.4.0-9.13.1 Image SLES12-SP5-Azure-Standard-On-Demand:python3-paramiko-2.4.0-9.13.1 SUSE Linux Enterprise Module for Public Cloud 12:python-paramiko-2.4.0-9.13.1 SUSE Linux Enterprise Module for Public Cloud 12:python-paramiko-doc-2.4.0-9.13.1 SUSE Linux Enterprise Module for Public Cloud 12:python3-paramiko-2.4.0-9.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20221447-1/ https://www.suse.com/security/cve/CVE-2022-24302.html CVE-2022-24302 https://bugzilla.suse.com/1197279 SUSE Bug 1197279