Debian Security Advisory

DLA-347-1 putty -- LTS security update

Date Reported: 24 Nov 2015
Affected Packages: putty
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2015-5309.
More information:

It was discovered that PuTTY's terminal emulator did not properly validate the parameter to the ECH (erase characters) control sequence, allowing a denial of service and possibly remote code execution.

For the oldoldstable distribution (squeeze), this problem has been fixed in version 0.60+2010-02-20-1+squeeze4.

For the oldstable (wheezy) and stable (jessie) distributions, this problem will be fixed soon.
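
As an added illustration of the ECH parameter validation described above (not PuTTY's code and not taken from the fix; the row buffer, the function names and the `PARAM_MAX` cap are assumptions of this sketch), a terminal's ECH handler can saturate the parsed parameter and clamp the erase count to the cells remaining on the line:

```c
#include <stdio.h>
#include <string.h>

#define PARAM_MAX 65535u  /* assumed cap for this sketch: saturate, never wrap */

/* Parse the decimal parameter of a CSI sequence, saturating at PARAM_MAX
 * so that an arbitrarily long digit string cannot overflow the accumulator. */
static unsigned parse_csi_param(const char *s, size_t len)
{
    unsigned v = 0;
    for (size_t i = 0; i < len && s[i] >= '0' && s[i] <= '9'; i++) {
        v = v * 10u + (unsigned)(s[i] - '0');
        if (v > PARAM_MAX)
            v = PARAM_MAX;
    }
    return v;
}

/* ECH (CSI Ps X): blank Ps cells starting at the cursor; the cursor stays put.
 * Returns the number of cells erased, or 0 if the cursor state is invalid. */
static size_t ech_erase(char *row, size_t cols, size_t cursor_x, unsigned param)
{
    if (row == NULL || cursor_x >= cols)
        return 0;
    size_t n = param ? param : 1;     /* a missing or zero parameter means 1 */
    size_t room = cols - cursor_x;    /* cells from the cursor to end of line */
    if (n > room)
        n = room;                     /* never erase past the end of the row */
    memset(row + cursor_x, ' ', n);
    return n;
}

/* Hypothetical glue: parameter digits in, validated erase out. */
static size_t handle_ech(char *row, size_t cols, size_t cursor_x, const char *digits, size_t len)
{
    return ech_erase(row, cols, cursor_x, parse_csi_param(digits, len));
}

int main(void)
{
    char row[] = "0123456789";        /* constructed 10-column line */
    size_t n = handle_ech(row, 10, 7, "4294967297", 10);
    printf("erased %zu cells: [%s]\n", n, row);
    return 0;
}
```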