SUSE Package Hub - openSUSE-2019-2017

Update Info

openSUSE-2019-2017

Recommended update for putty

Type: security

Severity: moderate

Issued: 2019-08-26

Description:

This update for putty fixes the following issues:

Update to new upstream release 0.72 [boo#1144547, boo#1144548]

* Fixed two separate vulnerabilities affecting the obsolete
  SSH-1 protocol, both available before host key checking.
* Fixed a vulnerability in all the SSH client tools (PuTTY,
  Plink, PSFTP and PSCP) if a malicious program can impersonate
  Pageant.
* Fixed a crash in GSSAPI / Kerberos key exchange triggered if
  the server provided an ordinary SSH host key as part of the
  exchange.

This update was imported from the openSUSE:Leap:15.0:Update update project.

References

Bugzilla: 1144548 VUL-1: putty: integer underflow parsing SSH-1 packet length
Bugzilla: 1144547 VUL-1: putty: buffer overflow in SSH-1 if server sends two tiny RSA keys

Packages

putty-0.72-bp151.4.3.1