
[SECURITY] [DLA 173-1] putty security update



Package        : putty
Version        : 0.60+2010-02-20-1+squeeze3
CVE ID         : CVE-2015-2157
Debian Bug     : 779488

MATTA-2015-002

    Florent Daigniere discovered that PuTTY did not enforce an
    acceptable range for the Diffie-Hellman server value, as required by
    RFC 4253, potentially allowing an eavesdroppable connection to be
    established in the event of a server weakness.
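
Added example, not PuTTY's code or part of the advisory: the RFC 4253 range check on the server's Diffie-Hellman value f, run on a constructed toy group (p = 2^31 - 1, g = 7; all function names are hypothetical). The `strict` option that also rejects 1 and p - 1 is an assumption about extra hardening, not RFC text.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy group, constructed for illustration: p = 2^31 - 1 (prime), g = 7.
 * Real SSH groups are far larger and need a bignum library. */
#define DH_P 2147483647ULL
#define DH_G 7ULL

/* Square-and-multiply; operands stay below 2^31 so products fit in 64 bits. */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t result = 1;
    base %= mod;
    while (exp) {
        if (exp & 1)
            result = result * base % mod;
        base = base * base % mod;
        exp >>= 1;
    }
    return result;
}

/* RFC 4253 section 8: a peer value outside [1, p-1] must not be accepted.
 * strict != 0 also rejects 1 and p-1 (assumption: hardening beyond the RFC),
 * because those two values confine the shared secret K to {1, p-1}. */
static int dh_peer_value_ok(uint64_t f, uint64_t p, int strict)
{
    if (f < 1 || f > p - 1)
        return 0;
    if (strict && (f == 1 || f == p - 1))
        return 0;
    return 1;
}

/* Client side: returns 0 and sets *k = f^x mod p, or -1 if f is rejected. */
static int dh_client_secret(uint64_t f, uint64_t x, int strict, uint64_t *k)
{
    if (!dh_peer_value_ok(f, DH_P, strict))
        return -1;
    *k = modpow(f, x, DH_P);
    return 0;
}

int main(void)
{
    uint64_t k, f[] = { 0, 1, DH_P - 1, DH_P, modpow(DH_G, 987654321, DH_P) };
    for (int i = 0; i < 5; i++)
        printf("f=%llu %s\n", (unsigned long long)f[i],
               dh_client_secret(f[i], 123456789, 1, &k) ? "rejected" : "accepted");
    return 0;
}
```

Without the check, f = 0 or f = p gives K = 0 whatever the client exponent is, which is the eavesdroppable outcome the advisory describes.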

#779488
CVE-2015-2157

    Patrick Coleman discovered that PuTTY did not clear SSH-2 private
    key information from memory when loading and saving key files, which
    could result in disclosure of private key material.

-- 
Colin Watson                                       [cjwatson@debian.org]
