File _patchinfo of Package patchinfo.10883
<patchinfo incident="10883">
  <issue tracker="bnc" id="1144548">VUL-1: putty: integer underflow parsing SSH-1 packet length</issue>
  <issue tracker="bnc" id="1144547">VUL-1: putty: buffer overflow in SSH-1 if server sends two tiny RSA keys</issue>
  <category>security</category>
  <rating>moderate</rating>
  <packager>jengelh</packager>
  <description>This update for putty fixes the following issues:

Update to new upstream release 0.72 [boo#1144547, boo#1144548]

* Fixed two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking.
* Fixed a vulnerability in all the SSH client tools (PuTTY, Plink, PSFTP and PSCP) if a malicious program can impersonate Pageant.
* Fixed a crash in GSSAPI / Kerberos key exchange triggered if the server provided an ordinary SSH host key as part of the exchange.
</description>
  <summary>Recommended update for putty</summary>
</patchinfo>