In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. References: https://www.paramiko.org/changelog.html https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546
Created python-paramiko tracking bugs for this issue: Affects: epel-all [bug 2065667] Affects: fedora-all [bug 2065666]
services-assisted-installer affected/delegated: services-assisted-installer/assisted-test-infra:7bf31f4/paramiko-2.9.2 https://github.com/openshift/assisted-test-infra/blob/master/requirements.txt
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat Virtualization Engine 4.4 Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8 Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 9 Via RHSA-2022:4712 https://access.redhat.com/errata/RHSA-2022:4712
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-24302
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2022:8845 https://access.redhat.com/errata/RHSA-2022:8845
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.1 Via RHSA-2022:8863 https://access.redhat.com/errata/RHSA-2022:8863