Changelog re security flaw email, re #908

1 files changed, 24 insertions, 0 deletions

diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 49b41f41..4ee19f82 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,30 @@
 Changelog
 =========
 
+- :bug:`-` (also :issue:`908`) Update `~paramiko.pkey.PKey` and subclasses to
+  compare (``__eq__``) via direct field/attribute comparison instead of hashing
+  (while retaining the existing behavior of ``__hash__`` via a slight
+  refactor). Big thanks to Josh Snyder and Jun Omae for the reports, and to
+  Josh Snyder for reproduction details & patch.
+
+  .. warning::
+    This fixes a security flaw! If you are running Paramiko on 32-bit systems
+    with low entropy (such as any 32-bit Python 2, or a 32-bit Python 3 which
+    is running with ``PYTHONHASHSEED=0``) it is possible for an attacker to
+    craft a new keypair from an exfiltrated public key, which Paramiko would
+    consider equal to the original key.
+
+    This could enable attacks such as, but not limited to, the following:
+
+    - Paramiko server processes would incorrectly authenticate the attacker
+      (using their generated private key) as if they were the victim. We see
+      this as the most plausible attack using this flaw.
+    - Paramiko client processes would incorrectly validate a connected server
+      (when host key verification is enabled) while subjected
+      to a man-in-the-middle attack. This impacts more users than the
+      server-side version, but also carries higher requirements for the
+      attacker, namely successful DNS poisoning or other MITM techniques.
+
 - :release:`2.8.0 <2021-10-09>`
 - :support:`-` Administrivia overhaul, including but not limited to: