Bug 2068130 - CVE-2022-24302 python-paramiko: Race condition in the write_private_key_file function [rdo yoga]
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: RDO
Classification: Community
Component: distribution
Version: trunk
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: trunk
Assignee: Alfredo Moralejo
QA Contact: Shai Revivo
URL:
Whiteboard:
Depends On:
Blocks: CVE-2022-24302
Reported: 2022-03-24 14:17 UTC by Sandro Bonazzola
Modified: 2023-06-08 13:14 UTC

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-06-08 13:14:02 UTC
Embargoed:



Description Sandro Bonazzola 2022-03-24 14:17:30 UTC
This bug was created to ensure that one or more security vulnerabilities are fixed in affected versions of RDO.

For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.

Comment 1 Sandro Bonazzola 2022-03-24 14:18:58 UTC
For el8 I backported the patch to the version we have in CBS here: https://cbs.centos.org/koji/buildinfo?buildID=38348

But I had no time to handle the el9 side, and it seems python-paramiko-2.8.0-1.el9s is affected.

Comment 2 Sandro Bonazzola 2023-06-08 13:14:02 UTC
2.11 available in RDO https://cbs.centos.org/koji/buildinfo?buildID=39584 ; closing

