
Debian-LTS alert DLA-173-1 (putty)

From:  Colin Watson <cjwatson@debian.org>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 173-1] putty security update
Date:  Sun, 15 Mar 2015 18:12:02 +0000
Message-ID:  <20150315181202.GZ3020@riva.ucam.org>

Package    : putty
Version    : 0.60+2010-02-20-1+squeeze3
CVE ID     : CVE-2015-2157
Debian Bug : 779488

MATTA-2015-002

Florent Daigniere discovered that PuTTY did not enforce an acceptable range for the Diffie-Hellman server value, as required by RFC 4253, potentially allowing an eavesdroppable connection to be established in the event of a server weakness.

#779488 CVE-2015-2157

Patrick Coleman discovered that PuTTY did not clear SSH-2 private key information from memory when loading and saving key files, which could result in disclosure of private key material.

--
Colin Watson [cjwatson@debian.org]
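The Diffie-Hellman range check mentioned in the advisory, as an added example (not PuTTY's code and not part of the advisory). The prime, generator and function names are constructed for illustration; the rejection of 1 and p-1 goes beyond the RFC 4253 range [1, p-1] and is labelled as an assumption about what a careful client also does.

```python
import secrets

# Constructed toy parameters, NOT a real SSH group: 2**127 - 1 is prime.
P = 2**127 - 1
G = 3

def in_rfc4253_range(f, p):
    """RFC 4253 section 8: e or f outside [1, p-1] must not be accepted."""
    return 1 <= f <= p - 1

def is_degenerate(f, p):
    """Assumed extra check: 1 and p-1 are in range but force K into {1, p-1}."""
    return f in (1, p - 1)

def client_shared_secret(f, p, x):
    """Validate the server value f before deriving K = f^x mod p."""
    if not in_rfc4253_range(f, p):
        raise ValueError("server DH value outside [1, p-1]")
    if is_degenerate(f, p):
        raise ValueError("server DH value yields a predictable secret")
    return pow(f, x, p)

def unchecked_secret(f, p, x):
    """What a client without the check computes (the behaviour being fixed)."""
    return pow(f, x, p)

def secrets_for_bad_values(p, x):
    """K for each out-of-range or degenerate f when no validation is done."""
    bad = {"0": 0, "1": 1, "p": p, "p-1": p - 1}
    return {name: unchecked_secret(f, p, x) for name, f in bad.items()}

if __name__ == "__main__":
    x = secrets.randbelow(P - 3) + 2          # client secret exponent in [2, p-2]
    # Without validation K is always one of 0, 1, p-1, whatever x is,
    # so a passive observer can derive the session keys.
    for name, k in secrets_for_bad_values(P, x).items():
        label = {0: "0", 1: "1", P - 1: "p-1"}[k]
        print(f"f = {name:>3}  ->  K = {label}")
    # A well-formed server value passes and both sides agree on K.
    y = 40                                     # constructed server exponent
    e, f = pow(G, x, P), pow(G, y, P)
    assert client_shared_secret(f, P, x) == pow(e, y, P)
    print("valid f accepted, shared secret agrees")
```
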

