diff --git a/paramiko-3.3.1.tar.gz b/paramiko-3.3.1.tar.gz
deleted file mode 100644
index 17405ba..0000000
--- a/paramiko-3.3.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6a3777a961ac86dbef375c5f5b8d50014a1a96d0fd7f054a43bc880134b0ff77
-size 1270242
diff --git a/paramiko-3.4.0.tar.gz b/paramiko-3.4.0.tar.gz
new file mode 100644
index 0000000..f2db31d
--- /dev/null
+++ b/paramiko-3.4.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:aac08f26a31dc4dffd92821527d1682d99d52f9ef6851968114a8728f3c274d3
+size 1277306
diff --git a/python-paramiko.changes b/python-paramiko.changes
index c28ecb2..40cace3 100644
--- a/python-paramiko.changes
+++ b/python-paramiko.changes
@@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Wed Dec 20 06:57:15 UTC 2023 - Steve Kowalik
+
+- Update to 3.4.0: (CVE-2023-48795, bsc#1218168)
+ * Transport grew a new packetizer_class kwarg for overriding the
+ packet-handler class used internally.
+ * Address CVE 2023-48795 (aka the "Terrapin Attack", a vulnerability found
+ in the SSH protocol re: treatment of packet sequence numbers) as follows:
+ + The vulnerability only impacts encrypt-then-MAC digest algorithms in
+ tandem with CBC ciphers, and ChaCha20-poly1305; of these, Paramiko
+ currently only implements hmac-sha2-(256|512)-etm in tandem with
+ AES-CBC.
+ + As the fix for the vulnerability requires both ends of the connection
+ to cooperate, the below changes will only take effect when the remote
+ end is OpenSSH >= 9.6 (or equivalent, such as Paramiko in server mode,
+ as of this patch version) and configured to use the new
+ "strict kex" mode.
+ + Paramiko will now raise an SSHException subclass (MessageOrderError)
+ when protocol messages are received in unexpected order. This includes
+ situations like receiving MSG_DEBUG or MSG_IGNORE during initial key
+ exchange, which are no longer allowed during strict mode.
+ + Key (re)negotiation -- i.e. MSG_NEWKEYS, whenever it is encountered --
+ now resets packet sequence numbers. (This should be invisible to users
+ during normal operation, only causing exceptions if the exploit is
+ encountered, which will usually result in, again, MessageOrderError.)
+ + Sequence number rollover will now raise SSHException if it occurs
+ during initial key exchange (regardless of strict mode status).
+ * Tweak ext-info-(c|s) detection during KEXINIT protocol phase; the
+ original implementation made assumptions based on an OpenSSH
+ implementation detail.
+- Add patch use-64-bit-maxsize-everywhere.patch:
+ * Use the 64-bit value of sys.maxsize.
+
 -------------------------------------------------------------------
 Fri Sep 29 22:29:46 UTC 2023 - Ondřej Súkup
diff --git a/python-paramiko.spec b/python-paramiko.spec
index 745eb82..2b398c9 100644
--- a/python-paramiko.spec
+++ b/python-paramiko.spec
@@ -18,16 +18,17 @@
 %{?sle15_python_module_pythons}
 Name: python-paramiko
-Version: 3.3.1
+Version: 3.4.0
 Release: 0
 Summary: SSH2 protocol library
 License: LGPL-2.1-or-later
-Group: Documentation/Other
 URL: https://www.paramiko.org/
 Source0: https://files.pythonhosted.org/packages/source/p/paramiko/paramiko-%{version}.tar.gz
 Patch0: paramiko-test_extend_timeout.patch
 # PATCH-FIX-OPENSUSE remove-icecream-dep.patch to do not depend on python-icecream and unvendor lexicon
 Patch1: remove-icecream-dep.patch
+# PATCH-FIX-OPENSUSE use 64-bit value of sys.maxsize to prevent test failure on 32-bit
+Patch2: use-64-bit-maxsize-everywhere.patch
 BuildRequires: %{python_module PyNaCl >= 1.0.1}
 BuildRequires: %{python_module Sphinx}
 BuildRequires: %{python_module bcrypt >= 3.2}
@@ -60,7 +61,6 @@ are supported. SFTP client and server mode are both supported too.
 %package -n python-paramiko-doc
 Summary: Documentation for %{name}
-Group: Documentation/Other
 Provides: %{python_module paramiko-doc = %{version}}
 %description -n python-paramiko-doc
diff --git a/use-64-bit-maxsize-everywhere.patch b/use-64-bit-maxsize-everywhere.patch
new file mode 100644
index 0000000..3a12475
--- /dev/null
+++ b/use-64-bit-maxsize-everywhere.patch
@@ -0,0 +1,19 @@
+Index: paramiko-3.4.0/tests/test_transport.py
+===================================================================
+--- paramiko-3.4.0.orig/tests/test_transport.py
++++ paramiko-3.4.0/tests/test_transport.py
+@@ -1423,12 +1423,12 @@ class TestStrictKex:
+ setattr(
+ self.packetizer,
+ "_Packetizer__sequence_number_in",
+- sys.maxsize,
++ 2**63-1,
+ )
+ setattr(
+ self.packetizer,
+ "_Packetizer__sequence_number_out",
+- sys.maxsize,
++ 2**63-1,
+ )
+ 
+ with raises(
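Review bot: The replacement value `2**63-1` in the two `setattr` calls of use-64-bit-maxsize-everywhere.patch encodes the intent only indirectly; SSH packet sequence numbers are 32-bit, so if the packetizer's rollover check masks the counter to 32 bits (packet.py is not visible in this diff), the test passes only because `2**63 & 0xFFFFFFFF == 0`, and `0xFFFFFFFF,  # uint32 seqno about to wrap` on both lines would be the platform-independent value that states what is being exercised. Either way the patch file itself carries no header explaining why `sys.maxsize` is wrong on 32-bit builds; a one-line rationale above `Index:` would spare the next reader a trip to the spec comment. If these were the only uses of `sys` in tests/test_transport.py the module's `import sys` becomes unused and flake8 would flag it, which is worth checking against the rest of the file. The enclosing test method starts before the hunk and the `with raises(` block it leads into continues past it.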