[SECURITY] [DLA 173-1] putty security update

2015-03-15T18:12:25
ID DEBIAN:DLA-173-1:1CF51
Type debian
Reporter Debian
Modified 2015-03-15T18:12:25

Description

Package : putty
Version : 0.60+2010-02-20-1+squeeze3
CVE ID : CVE-2015-2157
Debian Bug : 779488

MATTA-2015-002

Florent Daigniere discovered that PuTTY did not enforce an
acceptable range for the Diffie-Hellman server value, as required by
RFC 4253, potentially allowing an eavesdroppable connection to be
established in the event of a server weakness.

Debian Bug 779488, CVE-2015-2157

Patrick Coleman discovered that PuTTY did not clear SSH-2 private
key information from memory when loading and saving key files, which
could result in disclosure of private key material.

-- Colin Watson [cjwatson@debian.org]
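
The range check from the MATTA-2015-002 item above, as an added example that is not PuTTY's code or part of the advisory: it decodes the server's DH value f from its SSH mpint encoding, applies the RFC 4253 section 8 rule, and shows that an unchecked client derives the same shared secret whatever its own exponent is. The toy prime, generator and all function names are assumptions made for illustration.

```python
import struct

# Constructed toy group: 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3

def encode_mpint(v: int) -> bytes:
    """Encode an integer as an SSH mpint (RFC 4251)."""
    body = v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True) if v else b""
    return struct.pack(">I", len(body)) + body

def parse_mpint(buf: bytes) -> int:
    """Decode an SSH mpint: uint32 length, then two's-complement big-endian."""
    if len(buf) < 4:
        raise ValueError("truncated mpint length")
    (n,) = struct.unpack(">I", buf[:4])
    if len(buf) - 4 != n:
        raise ValueError("mpint length does not match body")
    return int.from_bytes(buf[4:], "big", signed=True)

def validate_dh_value(value: int, p: int) -> int:
    """RFC 4253 section 8: values outside [1, p-1] must not be accepted."""
    if not 1 <= value <= p - 1:
        raise ValueError("DH value outside [1, p-1]")
    # 1 and p-1 pass this range but still force K into {1, p-1};
    # a stricter check can reject them as well.
    return value

def client_shared_secret(f_wire: bytes, x: int, p: int = P, check: bool = True) -> int:
    """Compute K = f^x mod p from the server's wire-encoded f."""
    f = parse_mpint(f_wire)
    if check:
        validate_dh_value(f, p)
    return pow(f, x, p)

def unchecked_secrets(f: int, exponents=(0x1234567, 0x7654321)) -> set:
    """Shared secrets an unchecked client derives from f for different x."""
    return {client_shared_secret(encode_mpint(f), x, check=False) for x in exponents}

if __name__ == "__main__":
    for bad in (0, P, 2 * P):
        print(unchecked_secrets(bad))  # always {0}
```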