PuTTY 0.68 is released
anakin at pobox.com
Tue Feb 21 18:59:10 GMT 2017
PuTTY version 0.68 is released
All the pre-built binaries, and the source code, are now available
from the PuTTY website at
This is mostly a feature update, but it also includes security fixes:
- Fixed a security vulnerability in the agent forwarding code. An
agent forwarding client could overwrite PuTTY's memory by sending a
particular kind of illegally formatted message. However, that is
less worrying than it sounds, because if a hostile client can
access your agent forwarding then you have other problems anyway!
- Fixed the widespread DLL hijacking issue seen in many Windows
programs. PuTTY should no longer accidentally load DLLs with
special names like 'ntmarta.dll' if they are in the same directory
as its executable file.
- Enabled some system security features in Windows PuTTY: Address
Space Layout Randomisation and Data Execution Prevention.
If any of those concerns you, you should upgrade as soon as possible.
We have also turned *off* (by default) the previous security feature
in which Windows PuTTY restricted its process ACL to make it harder
for malware to inject code into a running PuTTY. This feature was
causing too much assorted trouble with legitimate processes trying to
interoperate with PuTTY, ranging from screen reader software such as
NVDA to programs using Plink as a transport such as TortoiseGit. So
it's now off by default, but you can re-enable it using the
command-line option '-restrict-acl'.
That's enough about security. We also have lots of new features in
- Support for elliptic-curve cryptography. PuTTY now supports public
and private keys using the Ed25519 signature algorithm, and also
the ECDSA algorithm using the three standard NIST curves. These
keys are supported for both user authentication and as host keys.
Also, elliptic-curve key exchange with both sets of curves is
supported (called 'Curve25519' and 'ECDH' respectively).
- PuTTYgen can now import and export keys in OpenSSH's newer file
format. (This is necessary for elliptic curve keys, but older key
algorithms like RSA are sometimes stored in the new format too.)
- When connecting to a server, PuTTY will now automatically prefer to
use a host key it already knows. But once you're connected, it also
has a new option to download the server's other host keys securely
over its existing connection and add them to its database so it can
use them next time. So if you want to upgrade to using elliptic-
curve keys for your existing servers, you can do that, and if you
don't care, then PuTTY shouldn't bother you about it.
- Windows: we are now offering a 64-bit version of PuTTY! This is
less well tested (so far), but it does its cryptography faster
during connection setup, and it can also load 64-bit DLLs if you
need that for some reason (e.g. GSSAPI).
- Unix: the Unix GUI tools can now be built with GTK version 3, which
offers improved font rendering and better support for precise
- Unix: we now have a Unix version of Pageant.
Enjoy using PuTTY!
for k in [pow(x,37,0x1a1298d262b49c895d47f) for x in [0x50deb914257022de7fff,
0x213558f2215127d5a2d1, 0x90c99e86d08b91218630, 0x109f3d0cfbf640c0beee7,
0xc83e01379a5fbec5fdd1, 0x19d3d70a8d567e388600e, 0x534e2f6e8a4a33155123]]:
print "".join([chr(32+3*((k>>x)&1))for x in range(79)]) # <anakin at pobox.com>
More information about the PuTTY-announce