*** This bug is a security vulnerability ***

Public security bug reported:

Putty 0.71 was released, patching major security vulnerabilities present in previous versions. Vulnerabilities are laid out in the following CVE reports, ranging in severity from High to Critical:

CVE-2019-9898
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.

CVE-2019-9897
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.

CVE-2019-9895
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.

CVE-2019-9894
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.

Threats can be mitigated by providing Putty 0.71 to Ubuntu via Apt on Disco, Cosmic, Bionic, and Xenial, if not others.

** Affects: putty (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

https://bugs.launchpad.net/bugs/1821407

Title:
  Security vulnerabilities in Putty prior to 0.71