Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 542098 (CVE-2015-2157) - <net-misc/putty-0.64: fails to clear private key information from memory (CVE-2015-2157)
Summary: <net-misc/putty-0.64: fails to clear private key information from memory (CVE...
Alias: CVE-2015-2157
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: C3 [noglsa cve]
Depends on:
Reported: 2015-03-04 14:33 UTC by Jeroen Roovers (RETIRED)
Modified: 2015-07-05 21:15 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers (RETIRED) gentoo-dev 2015-03-04 14:33:00 UTC
Arch teams, please test and mark stable:
Targeted stable KEYWORDS : alpha amd64 hppa ppc sparc x86
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2015-03-05 08:20:37 UTC
Stable for HPPA.
Comment 2 Agostino Sarubbo gentoo-dev 2015-03-06 09:55:17 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2015-03-06 09:55:45 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2015-03-26 11:23:15 UTC
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2015-03-30 09:50:13 UTC
sparc stable
Comment 6 Agostino Sarubbo gentoo-dev 2015-03-30 10:02:56 UTC
alpha stable.

Maintainer(s), please cleanup.
Comment 7 Yury German Gentoo Infrastructure gentoo-dev 2015-04-22 20:21:05 UTC
Arches, Thank you for your work.

GLSA Vote: No

Maintainer(s), please drop the vulnerable version(s).
Comment 8 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-05-11 16:24:45 UTC
GLSA Vote: No
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2015-07-05 21:15:35 UTC
CVE-2015-2157 (
  The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51
  through 0.63 do not properly wipe SSH-2 private keys from memory, which
  allows local users to obtain sensitive information by reading the memory.