This release fixes a security hole in PSCP, in the old-style SCP
protocol. A server sending a malformed header before the contents of the
file could overrun a buffer exploitably in PSCP. [CVE-2016-2563]
plus "Assorted other fixes for crash-type bugs (but none known to be
exploitable)".
"This release fixes a security hole in the terminal emulation code.
Writing a particular escape sequence to the screen in a PuTTY terminal
session could cause the terminal code to read *and potentially write*
memory outside its own data structures. This might be exploitable, so
everybody should upgrade to a fixed version."
- Vulnerability: non-coprime values in DSA signatures can cause buffer
overflow in modular inverse
- Vulnerability: buffer underrun in modmul can corrupt the heap
- Vulnerability: negative string length in public-key signatures can
cause integer overflow and overwrite all of memory
- Private keys left in memory after being used by PuTTY tools
N.B. some of these vulnerabilities where an SSH-2 server can make PuTTY
overrun or underrun buffers can be triggered *before* host key verification
so there is a risk from a spoofed server. For more info see the 0.63
section of http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/
PuTTY is a SSH and Telnet client implementation. This package
contains the command-line clients and supporting utilities for
key generation.
feedback steven@ mbalmer@; ok mbalmer@
