PuTTY 0.67 is released
Simon Tatham
anakin at pobox.com
Sat Mar 5 08:54:21 GMT 2016
PuTTY version 0.67 is released
------------------------------
All the pre-built binaries, and the source code, are now available
from the PuTTY website at
http://www.chiark.greenend.org.uk/~sgtatham/putty/
This is a SECURITY UPDATE. We recommend that everybody upgrade, as
soon as possible.
This release fixes a security hole in PSCP, in the old-style SCP
protocol. A server sending a malformed header before the contents of
the file could overrun a buffer exploitably in PSCP. [CVE-2016-2563]
In addition to fixing that vulnerability, this release has other
security-related updates:
- Windows PuTTY now sets its process ACL more restrictively, in an
attempt to defend against malicious other processes reading
sensitive data out of its memory.
- We have started using Authenticode to sign our Windows executables
and installer. They should show a verified publisher name of 'Simon
Tatham'.
- Assorted other fixes for crash-type bugs (but none known to be
exploitable).
Enjoy using PuTTY!
Cheers,
Simon
--
import hashlib; print (lambda p,q,g,y,r,s,m: m if (lambda w:(pow(g,int(hashlib.
sha1(m).hexdigest(),16)*w%q,p)*pow(y,r*w%q,p)%p)%q)(pow(s,q-2,q))==r else "!"
)(0xb80b5dacabab6145, 0xf70027d345023, 0x7643bc4018957897, 0x11c2e5d9951130c9,
0xa54d9cbe4e8ab, 0x746c50eaa1910, "Simon Tatham <anakin at pobox.com>")
More information about the PuTTY-announce
mailing list