English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.885528
Category:Fedora Local Security Checks
Title:Fedora: Security Advisory for python-paramiko (FEDORA-2024-39a8c72ea9)
Summary:The remote host is missing an update for the 'python-paramiko'; package(s) announced via the FEDORA-2024-39a8c72ea9 advisory.
Description:Summary:
The remote host is missing an update for the 'python-paramiko'
package(s) announced via the FEDORA-2024-39a8c72ea9 advisory.

Vulnerability Insight:
Paramiko (a combination of the Esperanto words for 'paranoid' and
'friend') is
a module for python 2.3 or greater that implements the SSH2 protocol for secure
(encrypted and authenticated) connections to remote machines. Unlike SSL (aka
TLS), the SSH2 protocol does not require hierarchical certificates signed by a
powerful central authority. You may know SSH2 as the protocol that replaced
telnet and rsh for secure access to remote shells, but the protocol also
includes the ability to open arbitrary channels to remote services across an
encrypted tunnel (this is how sftp works, for example).

Affected Software/OS:
'python-paramiko' package(s) on Fedora 38.

Solution:
Please install the updated package(s).

CVSS Score:
5.4

CVSS Vector:
AV:N/AC:H/Au:N/C:N/I:C/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2023-48795
Debian Security Information: DSA-5586 (Google Search)
https://www.debian.org/security/2023/dsa-5586
Debian Security Information: DSA-5588 (Google Search)
https://www.debian.org/security/2023/dsa-5588
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
http://seclists.org/fulldisclosure/2024/Mar/21
https://security.gentoo.org/glsa/202312-16
https://security.gentoo.org/glsa/202312-17
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
https://access.redhat.com/security/cve/cve-2023-48795
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
https://bugs.gentoo.org/920280
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
https://bugzilla.suse.com/show_bug.cgi?id=1217950
https://crates.io/crates/thrussh/versions
https://filezilla-project.org/versions.php
https://forum.netgate.com/topic/184941/terrapin-ssh-attack
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
https://github.com/NixOS/nixpkgs/pull/275249
https://github.com/PowerShell/Win32-OpenSSH/issues/2189
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
https://github.com/advisories/GHSA-45x7-px36-x8w8
https://github.com/apache/mina-sshd/issues/445
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
https://github.com/cyd01/KiTTY/issues/520
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
https://github.com/erlang/otp/releases/tag/OTP-26.2.1
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
https://github.com/hierynomus/sshj/issues/916
https://github.com/janmojzis/tinyssh/issues/81
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
https://github.com/libssh2/libssh2/pull/1291
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
https://github.com/mwiede/jsch/issues/457
https://github.com/mwiede/jsch/pull/461
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
https://github.com/openssh/openssh-portable/commits/master
https://github.com/paramiko/paramiko/issues/2337
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
https://github.com/proftpd/proftpd/issues/456
https://github.com/rapier1/hpn-ssh/releases
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://github.com/ronf/asyncssh/tags
https://github.com/ssh-mitm/ssh-mitm/issues/165
https://github.com/warp-tech/russh/releases/tag/v0.40.2
https://gitlab.com/libssh/libssh-mirror/-/tags
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
https://help.panic.com/releasenotes/transmit5/
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
https://matt.ucc.asn.au/dropbear/CHANGES
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
https://news.ycombinator.com/item?id=38684904
https://news.ycombinator.com/item?id=38685286
https://news.ycombinator.com/item?id=38732005
https://nova.app/releases/#v11.8
https://oryx-embedded.com/download/#changelog
https://roumenpetrov.info/secsh/#news20231220
https://security-tracker.debian.org/tracker/CVE-2023-48795
https://security-tracker.debian.org/tracker/source-package/libssh2
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
https://thorntech.com/cve-2023-48795-and-sftp-gateway/
https://twitter.com/TrueSkrillor/status/1736774389725565005
https://ubuntu.com/security/CVE-2023-48795
https://winscp.net/eng/docs/history#6.2.2
https://www.bitvise.com/ssh-client-version-history#933
https://www.bitvise.com/ssh-server-version-history
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
https://www.netsarang.com/en/xshell-update-history/
https://www.openssh.com/openbsd.html
https://www.openssh.com/txt/release-9.6
https://www.openwall.com/lists/oss-security/2023/12/18/2
https://www.openwall.com/lists/oss-security/2023/12/20/3
https://www.paramiko.org/changelog.html
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
https://www.terrapin-attack.com
https://www.theregister.com/2023/12/20/terrapin_attack_ssh
https://www.vandyke.com/products/securecrt/history.txt
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
http://www.openwall.com/lists/oss-security/2023/12/18/3
http://www.openwall.com/lists/oss-security/2023/12/19/5
http://www.openwall.com/lists/oss-security/2023/12/20/3
http://www.openwall.com/lists/oss-security/2024/03/06/3
http://www.openwall.com/lists/oss-security/2024/04/17/8
CopyrightCopyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.