PuTTY 0.67 is released

Simon Tatham anakin at pobox.com
Sat Mar 5 08:54:21 GMT 2016

PuTTY version 0.67 is released

All the pre-built binaries, and the source code, are now available
from the PuTTY website at


This is a SECURITY UPDATE. We recommend that everybody upgrade, as
soon as possible.

This release fixes a security hole in PSCP, in the old-style SCP
protocol. A server sending a malformed header before the contents of
the file could overrun a buffer exploitably in PSCP. [CVE-2016-2563]

In addition to fixing that vulnerability, this release has other
security-related updates:

 - Windows PuTTY now sets its process ACL more restrictively, in an
   attempt to defend against malicious other processes reading
   sensitive data out of its memory.

 - We have started using Authenticode to sign our Windows executables
   and installer. They should show a verified publisher name of 'Simon

 - Assorted other fixes for crash-type bugs (but none known to be

Enjoy using PuTTY!


import hashlib; print (lambda p,q,g,y,r,s,m: m if (lambda w:(pow(g,int(hashlib.
 sha1(m).hexdigest(),16)*w%q,p)*pow(y,r*w%q,p)%p)%q)(pow(s,q-2,q))==r else "!"
 )(0xb80b5dacabab6145, 0xf70027d345023, 0x7643bc4018957897, 0x11c2e5d9951130c9,
 0xa54d9cbe4e8ab, 0x746c50eaa1910, "Simon Tatham <anakin at pobox.com>")

More information about the PuTTY-announce mailing list