Fedora 29 : python-paramiko (2018-ea6b328afd)
Medium Nessus Plugin ID 120878
SynopsisThe remote Fedora host is missing a security update.
DescriptionPython Paramiko versions 2.3.2 and 2.4.1 are vulnerable to an authentication bypass in `paramiko/auth_handler.py`. A remote attacker could exploit this vulnerability in Paramiko SSH servers to execute arbitrary code. Note that applications using Paramiko only as a client (such as ansible) are not affected by this.
There is also an additional fix preventing `MSG_UNIMPLEMENTED` feedback loops that could manifest when both ends of a connection are Paramiko-based.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected python-paramiko package.