FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
46e1ece5-48bd-11e9-9c40-080027ac955cPuTTY -- security fixes in new release

The PuTTY team reports:

New in 0.71:

  • Security fixes found by an EU-funded bug bounty programme:
  • + a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification
  • + potential recycling of random numbers used in cryptography
  • + on Unix, remotely triggerable buffer overflow in any kind of server-to-client forwarding
  • + multiple denial-of-service attacks that can be triggered by writing to the terminal
  • Other security enhancements: major rewrite of the crypto code to remove cache and timing side channels.
  • User interface changes to protect against fake authentication prompts from a malicious server.

Discovery 2019-03-16
Entry 2019-03-17
putty
< 0.71

putty-gtk2
< 0.71

putty-nogtk
< 0.71

https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html