Summary: | <net-misc/putty-0.63 : SSH Handshake Integer Overflow Vulnerabilities (CVE-2013-4852) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | jer |
Priority: | Normal | Keywords: | STABLEREQ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/54354/ | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-08-05 20:32:47 UTC
Arch teams, please test and mark stable: =net-misc/putty-0.62.20130805 Stable KEYWORDS : alpha amd64 ppc sparc x86

amd64 stable

Upstream have committed to a new release, so let's stabilise that instead. I have carried over the stable amd64 keyword. Arch teams, please test and mark stable: =net-misc/putty-0.63 Stable KEYWORDS : alpha amd64 hppa ppc sparc x86

sparc stable

alpha stable

ppc stable

x86 stable

Thanks for your work. Added to existing GLSA draft

This issue was resolved and addressed in GLSA 201308-01 at http://security.gentoo.org/glsa/glsa-201308-01.xml by GLSA coordinator Sergey Popov (pinkbyte).

CVE-2013-4852 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4852): Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.
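
The bug class named in the CVE description above (a size value from the SSH handshake that turns negative and slips past a bounds check) can be shown in a short C example. This is an added illustration, not PuTTY's code and not part of the original bug report; the function names and sample bytes are constructed, and the field layout assumed is the SSH `string` encoding from RFC 4251 (uint32 big-endian length followed by that many bytes).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed samples, not from a real handshake. sample_bad carries the
 * length 0xFFFFFFFF, which is -1 once stored in a signed 32-bit int. */
static const unsigned char sample_bad[] = { 0xFF, 0xFF, 0xFF, 0xFF, 'a', 'b' };
static const unsigned char sample_ok[]  = { 0x00, 0x00, 0x00, 0x02, 'a', 'b' };

/* Decode the 4-byte big-endian length prefix as an unsigned value. */
static uint32_t get_u32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Flawed check, shown for contrast (hypothetical helper): the length is held
 * in a signed int, so a negative value compares as "small". Returns 1 when
 * the check would accept the field. */
int naive_check_accepts(const unsigned char *buf, size_t avail)
{
    if (avail < 4) return 0;
    int32_t len = (int32_t)get_u32(buf);
    int32_t remaining = (int32_t)(avail - 4);
    return !(len > remaining);      /* -1 > 2 is false, so the field passes */
}

/* Hardened reader (hypothetical helper): keep the length unsigned and compare
 * it with the bytes actually left and with the destination capacity before
 * copying. Returns the number of bytes copied, or -1 if rejected. */
long read_ssh_string(const unsigned char *buf, size_t avail,
                     unsigned char *out, size_t out_cap)
{
    if (avail < 4) return -1;
    uint32_t len = get_u32(buf);
    if (len > avail - 4) return -1; /* claims more bytes than the packet has */
    if (len > out_cap) return -1;   /* would not fit in the destination */
    memcpy(out, buf + 4, len);
    return (long)len;
}
```
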