[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 173-1] putty security update

Package        : putty
Version        : 0.60+2010-02-20-1+squeeze3
CVE ID         : CVE-2015-2157
Debian Bug     : 779488


    Florent Daigniere discovered that PuTTY did not enforce an
    acceptable range for the Diffie-Hellman server value, as required by
    RFC 4253, potentially allowing an eavesdroppable connection to be
    established in the event of a server weakness.


    Patrick Coleman discovered that PuTTY did not clear SSH-2 private
    key information from memory when loading and saving key files, which
    could result in disclosure of private key material.

Colin Watson                                       [cjwatson@debian.org]

Attachment: signature.asc
Description: Digital signature

Reply to: