Recommended update for putty
This update for putty fixes the following issues:
Update to new upstream release 0.72 [boo#1144547, boo#1144548]
* Fixed two separate vulnerabilities affecting the obsolete
SSH-1 protocol, both available before host key checking.
* Fixed a vulnerability in all the SSH client tools (PuTTY,
Plink, PSFTP and PSCP) if a malicious program can impersonate
Pageant.
* Fixed a crash in GSSAPI / Kerberos key exchange triggered if
the server provided an ordinary SSH host key as part of the
exchange.
-
Submitted by
Jan Engelhardt (jengelh)
Fixed bugs
bnc#1144548
VUL-1: putty: integer underflow parsing SSH-1 packet length
bnc#1144547
VUL-1: putty: buffer overflow in SSH-1 if server sends two tiny RSA keys
