[SECURITY] [DLA 1556-1] paramiko security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : paramiko
Version : 1.15.1-1+deb8u1
CVE ID : CVE-2018-7750 CVE-2018-1000805
CVE-2018-1000805
Fix to prevent malicious clients to trick the Paramiko server into
thinking an unauthenticated client is authenticated.
CVE-2018-7750
Fix check whether authentication is completed before processing
other requests. A customized SSH client can simply skip the
authentication step.
For Debian 8 "Jessie", these problems have been fixed in version
1.15.1-1+deb8u1.
We recommend that you upgrade your paramiko packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQJ8BAEBCgBmBQJb1IceXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHy8MP/Rr/0LK9JmGc0hsR5wngL0lU
K5yLU06S4a6aFmN1fwRUnoaeL0Q45ds+OjJufD26YtuFH5maP2goquEXwuxZrBH6
4wkSQbYOQsCdEXPeTq6W6Z7L7lp3SYsIL44V8yWD3qhVygeRXYS9ii9/vHJih0aF
J/bByWHdZ08CUs55CQifGUI8fhCE3fmmrY7JI0JCvASalvjZLYTMH5+AyRaSHyYI
EPxn7BJPm+bJGbAWn2HIWPIonvYA73das88dDOWZ0KQFPYmkKJWEMkXb+akbFrIa
oOVcZPX2VcD+Nq06jvUUUTI/TUW9RmU+M0OGNdG/CejTSXF6ijKW81wfgR7c8tur
V4+45X7St1iQ6IbLHiavTBfHdJylvXAk0BaToTTbAu9y7lke9nj3++5gZcBJFnoL
D1bDWbpOJoggyCi2hk4M4nIOal+1pvZdAM0/LjQEXeTF67FrJB3iqIH+soF8HS30
24AHhFba9HBOPI2Zrry2ncvtL6NrurNxEwUSIdGarH+BSlHX0c19SLlNmCeRtUu5
MSGQ1nJ8cqJ2YI7Fwa8udCJ9aQPp7uGDq2pi+i1hYgA4uJGJ6wUkygOs1u8ZutD1
9m8yQj9o7wTD/80Emqd1BFJipYirn5u35gaZPTD4UM3V8b5F9yJCjB8oLcsJ/Ebc
SK+z5RQHQjLedA7foZFj
=pEt+
-----END PGP SIGNATURE-----
Reply to: