693052 – <net-misc/putty-0.72 - multiple vulnerabilities

Bug 693052 - <net-misc/putty-0.72 - multiple vulnerabilities

Summary: <net-misc/putty-0.72 - multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://www.chiark.greenend.org.uk/~s...
Whiteboard:	B4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2019-08-29 06:26 UTC by Jeroen Roovers (RETIRED)
Modified:	2019-10-26 22:13 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeroen Roovers (RETIRED) gentoo-dev

2019-08-29 06:26:12 UTC

*Security fixes found by the EU-funded bug bounty:
** two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking
** a vulnerability in all the SSH client tools (PuTTY, Plink, PSFTP and PSCP) if a malicious program can impersonate Pageant

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2019-10-26 22:13:15 UTC

Repository is clean, all done!