[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 347-1] putty security update

Package        : putty
Version        : 0.60+2010-02-20-1+squeeze4
CVE ID         : CVE-2015-5309

It was discovered that PuTTY's terminal emulator did not properly
validate the parameter to the ECH (erase characters) control sequence,
allowing a denial of service and possibly remote code execution.

For the oldoldstable distribution (squeeze), this problem has been
fixed in version 0.60+2010-02-20-1+squeeze4.

For the oldstable (wheezy) and stable (jessie) distributions, this
problem will be fixed soon.

Ben Hutchings - Debian developer, member of Linux kernel and LTS teams

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: