This bug was created to ensure that one or more security vulnerabilities are fixed in affected versions of RDO. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For el8 I backported the patch to the version we have in CBS here: https://cbs.centos.org/koji/buildinfo?buildID=38348 But I had no time to handle the el9 side and seems python-paramiko-2.8.0-1.el9s is affected
2.11 available in RDO https://cbs.centos.org/koji/buildinfo?buildID=39584 ; closing