Updated putty/filezilla/wxgtk packages fix security vulnerability

2019-05-0800:38:09

Gentoo Foundation

advisories.mageia.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.035

Percentile

91.7%

JSON

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification (CVE-2019-9894). In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding (CVE-2019-9895). Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71 (CVE-2019-9897). Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71 (CVE-2019-9898). The putty package has been updated to version 0.71 and the filezilla package has been updated and patched to fix these issues. wxgtk has been updated to fix an assert when starting filezilla.

OSVersionArchitecturePackageVersionFilename
Mageia6noarchputty< 0.71-1putty-0.71-1.mga6
Mageia6noarchfilezilla< 3.31.0-1filezilla-3.31.0-1.mga6
Mageia6noarchlibfilezilla< 0.12.1-1libfilezilla-0.12.1-1.mga6
Mageia6noarchwxgtk< 3.0.3.1-1.1wxgtk-3.0.3.1-1.1.mga6

OS	Version	Architecture	Package	Version	Filename
Mageia	6	noarch	putty	< 0.71-1	putty-0.71-1.mga6
Mageia	6	noarch	filezilla	< 3.31.0-1	filezilla-3.31.0-1.mga6
Mageia	6	noarch	libfilezilla	< 0.12.1-1	libfilezilla-0.12.1-1.mga6
Mageia	6	noarch	wxgtk	< 3.0.3.1-1.1	wxgtk-3.0.3.1-1.1.mga6