lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <E1a3rhq-0006yL-Qh@master.debian.org> Date: Tue, 01 Dec 2015 20:39:22 +0000 From: Salvatore Bonaccorso <carnil@...ian.org> To: bugtraq@...urityfocus.com Subject: [SECURITY] [DSA 3409-1] putty security update -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3409-1 security@...ian.org https://www.debian.org/security/ Salvatore Bonaccorso December 01, 2015 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : putty CVE ID : CVE-2015-5309 A memory-corrupting integer overflow in the handling of the ECH (erase characters) control sequence was discovered in PuTTY's terminal emulator. A remote attacker can take advantage of this flaw to mount a denial of service or potentially to execute arbitrary code. For the oldstable distribution (wheezy), this problem has been fixed in version 0.62-9+deb7u3. For the stable distribution (jessie), this problem has been fixed in version 0.63-10+deb8u1. For the testing distribution (stretch), this problem has been fixed in version 0.66-1. For the unstable distribution (sid), this problem has been fixed in version 0.66-1. We recommend that you upgrade your putty packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@...ts.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWXgVAAAoJEAVMuPMTQ89ExMoP/2nCjJVLuClDWHYbdQF4k0KB d1pjGR4stMEODyawKxZm4DH374YTpcgPi+U+PBMFrZcJBMNQjOEwskKKYXq6utVF 9n/9it4d5OybtXu3BXvzGdyrPeP2vtfvPSNTKc45qbTxi+lSMWxRtZYdlX7jqF+w c2FHq6AduWe+Hb0yCFyyC5C/lOGGp2ZTV8cCHq4FBxF0UjOzWb4FH4MJtDfCUr3C j/KU8CRdqmhT9I2czQNQX/OZGzVLgTV91XxLXJZ/ycrSIB/rqayg5auAY8IKfG1N ZOXPNaDIx7LPg+OkGjNUO7MfAs0MDIh8eY6ECD+L2lZpKHKCPYdkIbF9J0/XayAk BpYjfKWdImd3TiXOXPBIRmNULxNoTfC6Y7fppM0zQ1Y0KxoZKlOJHM8wvdcfubK+ fcS+K3zE6SWvyOiLRW3GK+dqsJWDeUt7hdPzHhhothLlIb2TlVDrpKEYBEZ2FZms Wys53kc9H83QIvRv3hdYu9cV4cvKQp+cxlfkvetnpSealTrPYuZNtayLKmqfobYR C5/pa+x2gX4DKy4VTKqMHdDwzPnA2Wy+R/nw7Qj56TbIVEEnw0iT5QTB4HdOZmGm liMBoNF4VHWjNkNtTtfozkmj8KWF7BwFt+0PpSv2P5SyW6ddUFMsN03gV4s+MHgf ibT4S9zG7LQpVeA8LPzM =ohmG -----END PGP SIGNATURE-----
Powered by blists - more mailing lists