|
|
Subscribe / Log in / New account

Debian-LTS alert DLA-347-1 (putty)



From:
    	      Ben Hutchings <benh@debian.org> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 347-1] putty security update 


Date:
    	      Tue, 24 Nov 2015 22:07:27 +0000


Message-ID:
    	      <1448402847.27159.11.camel@debian.org>


Package        : putty
Version        : 0.60+2010-02-20-1+squeeze4
CVE ID         : CVE-2015-5309

It was discovered that PuTTY's terminal emulator did not properly
validate the parameter to the ECH (erase characters) control sequence,
allowing a denial of service and possibly remote code execution.

For the oldoldstable distribution (squeeze), this problem has been
fixed in version 0.60+2010-02-20-1+squeeze4.

For the oldstable (wheezy) and stable (jessie) distributions, this
problem will be fixed soon.

-- 
Ben Hutchings - Debian developer, member of Linux kernel and LTS teams
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds