GLSA-200803-07 : Paramiko: Information disclosure
Medium Nessus Plugin ID 31382
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200803-07 (Paramiko: Information disclosure)
Dwayne C. Litzenberger reported that the file 'common.py' does not properly use RandomPool when using threads or forked processes.
A remote attacker could predict the values generated by applications using Paramiko for encryption purposes, potentially gaining access to sensitive information.
There is no known workaround at this time.
SolutionAll Paramiko users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-python/paramiko-1.7.2'