69123 – net-misc/putty 0.56 security update

Bug 69123 - net-misc/putty 0.56 security update

Summary: net-misc/putty 0.56 security update

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://www.chiark.greenend.org.uk/~sg...
Whiteboard:	B2 [glsa] jaervosz
Keywords:

Depends on:
Blocks:

Reported:	2004-10-27 05:00 UTC by Tobias Sager
Modified:	2011-10-30 22:40 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tobias Sager 2004-10-27 05:00:54 UTC

<snip>
This is a SECURITY UPDATE. We recommend that _everybody_ upgrade, as
soon as possible.

This version fixes a security hole in previous versions of PuTTY,
which can allow an SSH2 server to attack your client before host key
verification. This means that you are not even safe if you trust the
server you _think_ you're connecting to, since it could be spoofed
over the network and the host key check would not detect this before
the attack could take place. The attack can allow the server to
execute code of its choice on the client.

This vulnerability was found by iDEFENSE, who we expect to release
an advisory on the subject shortly.
</snip>

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2004-10-27 06:02:00 UTC

Travis, please bump to 0.56 asap

Comment 2 Tavis Ormandy (RETIRED) gentoo-dev

2004-10-27 06:40:31 UTC

done

Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-10-27 14:57:57 UTC

GLSA 200410-29

Thx for the notification and swift resolution folks.