FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6190c0cd-b945-11ea-9401-2dcf562daa69	PuTTY -- Release 0.74 fixes two security vulnerabilities Simon Tatham reports: [Release 0.74] fixes the following security issues: New configuration option to disable PuTTY's default policy of changing its host key algorithm preferences to prefer keys it already knows. (There is a theoretical information leak in this policy.) [CVE-2020-14002] In some situations an SSH server could cause PuTTY to access freed mdmory by pretending to accept an SSH key and then refusing the actual signature. It can only happen if you're using an SSH agent. Discovery 2020-06-27 Entry 2020-06-28 putty < 0.74 putty-gtk2 < 0.74 putty-nogtk < 0.74 https://lists.tartarus.org/pipermail/putty-announce/2020/000030.html https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-dynamic-hostkey-info-leak.html https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/ CVE-2020-14002 https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-keylist-used-after-free.html

VuXML ID

Description

6190c0cd-b945-11ea-9401-2dcf562daa69

PuTTY -- Release 0.74 fixes two security vulnerabilities

Simon Tatham reports:

[Release 0.74] fixes the following security issues:

New configuration option to disable PuTTY's default policy of changing its host key algorithm preferences to prefer keys it already knows. (There is a theoretical information leak in this policy.) [CVE-2020-14002]

In some situations an SSH server could cause PuTTY to access freed mdmory by pretending to accept an SSH key and then refusing the actual signature. It can only happen if you're using an SSH agent.

Discovery 2020-06-27
Entry 2020-06-28
putty

< 0.74

putty-gtk2

< 0.74

putty-nogtk

< 0.74

https://lists.tartarus.org/pipermail/putty-announce/2020/000030.html
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-dynamic-hostkey-info-leak.html
https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/
CVE-2020-14002
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-keylist-used-after-free.html