FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
46e1ece5-48bd-11e9-9c40-080027ac955c | PuTTY -- security fixes in new release
The PuTTY team reports:
New in 0.71:
- Security fixes found by an EU-funded bug bounty programme:
- + a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification
- + potential recycling of random numbers used in cryptography
- + on Unix, remotely triggerable buffer overflow in any kind of server-to-client forwarding
- + multiple denial-of-service attacks that can be triggered by writing to the terminal
- Other security enhancements: major rewrite of the crypto code to remove cache and timing side channels.
- User interface changes to protect against fake authentication prompts from a malicious server.
Discovery 2019-03-16 Entry 2019-03-17 putty
< 0.71
putty-gtk2
< 0.71
putty-nogtk
< 0.71
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
|