Amazon Linux 2 Security Advisory: ALASANSIBLE2-2023-002
Advisory Release Date: 2023-08-21 21:01 Pacific
Advisory Updated Date: 2023-09-25 22:13 Pacific
Severity:
Medium
Issue Overview:
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. (CVE-2022-24302)
Affected Packages:
python-paramiko
Note:
This advisory is applicable to Amazon Linux 2 - Ansible2 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update python-paramiko to update your system.
New Packages:
noarch:
python2-paramiko-1.16.1-3.amzn2.0.3.noarch
python-paramiko-doc-1.16.1-3.amzn2.0.3.noarch
src:
python-paramiko-1.16.1-3.amzn2.0.3.src