1. Home
  2. Security Advisories
  3. Ubuntu
  4. USN-6598-1

[USN-6598-1] Paramiko vulnerability

Severity Medium
Affected Packages 6
CVEs 1
Info Packages Vulnerabilities

A protocol flaw was fixed in Paramiko.

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH
protocol was vulnerable to a prefix truncation attack. If a remote attacker
was able to intercept SSH communications, extension negotiation messages
could be truncated, possibly leading to certain algorithms and features
being downgraded. This issue is known as the Terrapin attack. This update
adds protocol extensions to mitigate this issue.

Package Affected Version
pkg:deb/ubuntu/python3-paramiko?distro=mantic < 2.12.0-2ubuntu1.23.10.2
pkg:deb/ubuntu/python3-paramiko?distro=jammy < 2.9.3-0ubuntu1.2
pkg:deb/ubuntu/python3-paramiko?distro=focal < 2.6.0-2ubuntu0.3
pkg:deb/ubuntu/paramiko-doc?distro=mantic < 2.12.0-2ubuntu1.23.10.2
pkg:deb/ubuntu/paramiko-doc?distro=jammy < 2.9.3-0ubuntu1.2
pkg:deb/ubuntu/paramiko-doc?distro=focal < 2.6.0-2ubuntu0.3
ID
USN-6598-1
Severity
medium
Severity from
CVE-2023-48795
URL
https://ubuntu.com/security/notices/USN-6598-1
Published
2024-01-25T12:44:31
(7 months ago)
Modified
2024-01-25T12:44:31
(7 months ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/python3-paramiko?distro=mantic ubuntu python3-paramiko < 2.12.0-2ubuntu1.23.10.2 mantic
Affected pkg:deb/ubuntu/python3-paramiko?distro=jammy ubuntu python3-paramiko < 2.9.3-0ubuntu1.2 jammy
Affected pkg:deb/ubuntu/python3-paramiko?distro=focal ubuntu python3-paramiko < 2.6.0-2ubuntu0.3 focal
Affected pkg:deb/ubuntu/paramiko-doc?distro=mantic ubuntu paramiko-doc < 2.12.0-2ubuntu1.23.10.2 mantic
Affected pkg:deb/ubuntu/paramiko-doc?distro=jammy ubuntu paramiko-doc < 2.9.3-0ubuntu1.2 jammy
Affected pkg:deb/ubuntu/paramiko-doc?distro=focal ubuntu paramiko-doc < 2.6.0-2ubuntu0.3 focal
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date