|
|
Subscribe / Log in / New account

Debian-LTS alert DLA-347-1 (putty)

From:  Ben Hutchings <benh@debian.org>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 347-1] putty security update
Date:  Tue, 24 Nov 2015 22:07:27 +0000
Message-ID:  <1448402847.27159.11.camel@debian.org>

Package        : putty Version        : 0.60+2010-02-20-1+squeeze4 CVE ID         : CVE-2015-5309 It was discovered that PuTTY's terminal emulator did not properly validate the parameter to the ECH (erase characters) control sequence, allowing a denial of service and possibly remote code execution. For the oldoldstable distribution (squeeze), this problem has been fixed in version 0.60+2010-02-20-1+squeeze4. For the oldstable (wheezy) and stable (jessie) distributions, this problem will be fixed soon. -- Ben Hutchings - Debian developer, member of Linux kernel and LTS teams


to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds