[SECURITY] [DSA 3409-1] putty security update

2015-12-0120:39:22

lists.debian.org

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.021 Low

EPSS

Percentile

89.3%

JSON

Debian Security Advisory DSA-3409-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
December 01, 2015 https://www.debian.org/security/faq

Package : putty
CVE ID : CVE-2015-5309

A memory-corrupting integer overflow in the handling of the ECH (erase
characters) control sequence was discovered in PuTTY's terminal
emulator. A remote attacker can take advantage of this flaw to mount a
denial of service or potentially to execute arbitrary code.

For the oldstable distribution (wheezy), this problem has been fixed
in version 0.62-9+deb7u3.

For the stable distribution (jessie), this problem has been fixed in
version 0.63-10+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 0.66-1.

For the unstable distribution (sid), this problem has been fixed in
version 0.66-1.

We recommend that you upgrade your putty packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8mipsputty< 0.63-10+deb8u1putty_0.63-10+deb8u1_mips.deb
Debian6amd64pterm< 0.60+2010-02-20-1+squeeze4pterm_0.60+2010-02-20-1+squeeze4_amd64.deb
Debian8kfreebsd-i386putty-tools< 0.63-10+deb8u1putty-tools_0.63-10+deb8u1_kfreebsd-i386.deb
Debian7i386pterm< 0.62-9+deb7u3pterm_0.62-9+deb7u3_i386.deb
Debian7s390xputty-tools< 0.62-9+deb7u3putty-tools_0.62-9+deb7u3_s390x.deb
Debian8kfreebsd-amd64putty< 0.63-10+deb8u1putty_0.63-10+deb8u1_kfreebsd-amd64.deb
Debian7sparcputty< 0.62-9+deb7u3putty_0.62-9+deb7u3_sparc.deb
Debian7armelputty< 0.62-9+deb7u3putty_0.62-9+deb7u3_armel.deb
Debian8armelpterm< 0.63-10+deb8u1pterm_0.63-10+deb8u1_armel.deb
Debian8ppc64elpterm< 0.63-10+deb8u1pterm_0.63-10+deb8u1_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	mips	putty	< 0.63-10+deb8u1	putty_0.63-10+deb8u1_mips.deb
Debian	6	amd64	pterm	< 0.60+2010-02-20-1+squeeze4	pterm_0.60+2010-02-20-1+squeeze4_amd64.deb
Debian	8	kfreebsd-i386	putty-tools	< 0.63-10+deb8u1	putty-tools_0.63-10+deb8u1_kfreebsd-i386.deb
Debian	7	i386	pterm	< 0.62-9+deb7u3	pterm_0.62-9+deb7u3_i386.deb
Debian	7	s390x	putty-tools	< 0.62-9+deb7u3	putty-tools_0.62-9+deb7u3_s390x.deb
Debian	8	kfreebsd-amd64	putty	< 0.63-10+deb8u1	putty_0.63-10+deb8u1_kfreebsd-amd64.deb
Debian	7	sparc	putty	< 0.62-9+deb7u3	putty_0.62-9+deb7u3_sparc.deb
Debian	7	armel	putty	< 0.62-9+deb7u3	putty_0.62-9+deb7u3_armel.deb
Debian	8	armel	pterm	< 0.63-10+deb8u1	pterm_0.63-10+deb8u1_armel.deb
Debian	8	ppc64el	pterm	< 0.63-10+deb8u1	pterm_0.63-10+deb8u1_ppc64el.deb