[SECURITY] [DLA 173-1] putty security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 173-1] putty security update
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 15 Mar 2015 18:12:02 +0000
Message-id: <[🔎] 20150315181202.GZ3020@riva.ucam.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : putty
Version        : 0.60+2010-02-20-1+squeeze3
CVE ID         : CVE-2015-2157
Debian Bug     : 779488

MATTA-2015-002

    Florent Daigniere discovered that PuTTY did not enforce an
    acceptable range for the Diffie-Hellman server value, as required by
    RFC 4253, potentially allowing an eavesdroppable connection to be
    established in the event of a server weakness.

#779488
CVE-2015-2157

    Patrick Coleman discovered that PuTTY did not clear SSH-2 private
    key information from memory when loading and saving key files, which
    could result in disclosure of private key material.

-- 
Colin Watson                                       [cjwatson@debian.org]

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: [SECURITY] [DLA 172-1] libextlib-ruby security update
Next by Date: [SECURITY] [DLA 174-1] tcpdump security update
Previous by thread: [SECURITY] [DLA 172-1] libextlib-ruby security update
Next by thread: [SECURITY] [DLA 174-1] tcpdump security update
Index(es):
- Date
- Thread