Bug 2068130

Summary: CVE-2022-24302 python-paramiko: Race condition in the write_private_key_file function [rdo yoga]
Product: [Community] RDO Reporter: Sandro Bonazzola <sbonazzo>
Component: distributionAssignee: Alfredo Moralejo <amoralej>
Status: CLOSED CURRENTRELEASE QA Contact: Shai Revivo <srevivo>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: trunkCC: jpena, markmc, srevivo, ykarel
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: trunk   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-06-08 13:14:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2065665    

Description Sandro Bonazzola 2022-03-24 14:17:30 UTC 
This bug was created to ensure that one or more security vulnerabilities are fixed in affected versions of RDO.

For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
Comment 1 Sandro Bonazzola 2022-03-24 14:18:58 UTC 
For el8 I backported the patch to the version we have in CBS here: https://cbs.centos.org/koji/buildinfo?buildID=38348

But I had no time to handle the el9 side and seems python-paramiko-2.8.0-1.el9s is affected
Comment 2 Sandro Bonazzola 2023-06-08 13:14:02 UTC 
2.11 available in RDO https://cbs.centos.org/koji/buildinfo?buildID=39584 ; closing