PuTTY 0.73 is released

Simon Tatham anakin at pobox.com
Sun Sep 29 16:19:14 BST 2019 

PuTTY version 0.73 is released
------------------------------

All the pre-built binaries, and the source code, are now available
from the PuTTY website at

    https://www.chiark.greenend.org.uk/~sgtatham/putty/

This is a SECURITY UPDATE, fixing minor vulnerabilities affecting port
forwarding on Windows; bracketed paste mode in the terminal; and any
use of SSH-1. We recommend that anyone using those features should
update.

Vulnerabilities fixed in this release include:

 - On Windows, the listening sockets used for local port forwarding
   were opened in a mode that did not prevent other processes from
   also listening on the same ports and stealing some of the incoming
   connections.

 - In the PuTTY terminal, bracketed paste mode was broken in 0.72, in
   a way that made the pasted data look like manual keyboard input. So
   any application relying on the bracketing sequences to protect
   against malicious clipboard contents would have been misled.

 - An SSH-1 server could trigger an access to freed memory by sending
   the SSH1_MSG_DISCONNECT message. Not known to be exploitable.

Other bug fixes include:

 - Windows Plink no longer crashes on startup when it tries to tell
   you it's reusing an existing SSH connection.

 - Windows PuTTY now updates its terminal window size correctly if the
   screen resolution changes while it's maximised.

 - If you display the coloured error messages from gcc in the PuTTY
   terminal, there is no longer a missing character if a colour change
   happens exactly at the end of a line.

 - If you use the 'Clear Scrollback' menu option or escape sequence
   while text in the scrollback is selected, it no longer causes an
   assertion failure.

Enjoy using PuTTY!

Cheers,
Simon

-- 
import hashlib; print((lambda p,q,g,y,r,s,m: (lambda w:(pow(g,int(hashlib.sha1(
m.encode('ascii')).hexdigest(),16)*w%q,p)*pow(y,r*w%q,p)%p)%q)(pow(s,q-2,q))==r
and m)(0xb80b5dacabab6145,0xf70027d345023,0x7643bc4018957897,0x11c2e5d9951130c9
,0xa54d9cbe4e8ab,0x746c50eaa1910,      "Simon Tatham <anakin at pobox.com>"     ))

More information about the PuTTY-announce mailing list