cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
01a4c7dc12
openbsd-ports/net/putty/distinfo
sthen 10a472aa72 SECURITY update to PuTTY 0.63 - ok brad@ 
- Vulnerability: non-coprime values in DSA signatures can cause buffer
overflow in modular inverse
- Vulnerability: buffer underrun in modmul can corrupt the heap
- Vulnerability: negative string length in public-key signatures can
cause integer overflow and overwrite all of memory
- Private keys left in memory after being used by PuTTY tools

N.B. some of these vulnerabilities where an SSH-2 server can make PuTTY
overrun or underrun buffers can be triggered *before* host key verification
so there is a risk from a spoofed server. For more info see the 0.63
section of http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/
2013-08-07 11:47:51 +00:00

3 lines
109 B
Plaintext
Raw Blame History

SHA256 (putty-0.63.tar.gz) = gejqrzG+fZpGtPP7gNHZVAd28ULNidChHy+Agtxo+LU=
SIZE (putty-0.63.tar.gz) = 1887913
Reference in New Issue View Git Blame Copy Permalink