Has Simon Tatham been advised of this, On Aug 11, 2013 2:50 PM, "Salvatore Bonaccorso" <car...@debian.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-2736-1 secur...@debian.org > http://www.debian.org/security/ Salvatore Bonaccorso > August 11, 2013 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : putty > Vulnerability : several > Problem type : local (remote) > Debian-specific: no > CVE ID : CVE-2013-4206 CVE-2013-4207 CVE-2013-4208 CVE-2013-4852 > Debian Bug : 718779 > > Several vulnerabilities where discovered in PuTTY, a Telnet/SSH client > for X. The Common Vulnerabilities and Exposures project identifies the > following problems: > > CVE-2013-4206 > > Mark Wooding discovered a heap-corrupting buffer underrun bug in the > modmul function which performs modular multiplication. As the modmul > function is called during validation of any DSA signature received > by PuTTY, including during the initial key exchange phase, a > malicious server could exploit this vulnerability before the client > has received and verified a host key signature. An attack to this > vulnerability can thus be performed by a man-in-the-middle between > the SSH client and server, and the normal host key protections > against man-in-the-middle attacks are bypassed. > > CVE-2013-4207 > > It was discovered that non-coprime values in DSA signatures can > cause a buffer overflow in the calculation code of modular inverses > when verifying a DSA signature. Such a signature is invalid. This > bug however applies to any DSA signature received by PuTTY, > including during the initial key exchange phase and thus it can be > exploited by a malicious server before the client has received and > verified a host key signature. > > CVE-2013-4208 > > It was discovered that private keys were left in memory after being > used by PuTTY tools. > > CVE-2013-4852 > > Gergely Eberhardt from SEARCH-LAB Ltd. discovered that PuTTY is > vulnerable to an integer overflow leading to heap overflow during > the SSH handshake before authentication due to improper bounds > checking of the length parameter received from the SSH server. A > remote attacker could use this vulnerability to mount a local denial > of service attack by crashing the putty client. > > Additionally this update backports some general proactive potentially > security-relevant tightening from upstream. > > For the oldstable distribution (squeeze), these problems have been fixed in > version 0.60+2010-02-20-1+squeeze2. This update also provides a fix for > CVE-2011-4607, which was fixed for stable already. > > For the stable distribution (wheezy), these problems have been fixed in > version 0.62-9+deb7u1. > > For the unstable distribution (sid), these problems have been fixed in > version 0.63-1. > > We recommend that you upgrade your putty packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: debian-security-annou...@lists.debian.org > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.14 (GNU/Linux) > > iQIcBAEBCgAGBQJSB+lQAAoJEHidbwV/2GP+6HUQAIGHk0ctuvUFNpPgZtZwGA9W > iX2oysndnZLXZmc1zkXhwvPo5fg/+PjdOvYn0cHfrgVb2wXMPAwIAjUwTZ+p2SbF > PwaXbjUr3sUJxQLdFoGNytfFeiUtQNj0/r/ylmQB77bgFKSI9iFnveYeNKc51Shb > ApaFKIueuYgrPUTt8KquloNvNryuLa0AjhveWsIDdFQVGW6ipAe70T2BohX5QIwh > ehzom1sFbEgJpqdPUt6sR7vyBj+mhg9atp3wCQkEJFq5uhrDEL6OrCwpZJ1oClMP > a0LSPwESz4iWUzL3eTgB7ENIcAelBQ4LWnVhuTxpaRGoHizmkId6ueMBD9ezJrmH > +/vDsBMQLxZuWP1SG7rEoEjJTsJEVQ/D7vu+s6cDuiliOr8IJ/2oXy0WQCDxinCI > l7iJaCQcxcGWY5LmW9tO94GW6ptSUW4aROKLt12u1X4VkKjLpyzkGWNNvK4H6vHg > 6orNaN8evpEVjj9ZF7Gq93e79ldhSjuj7ZZPcWmZNHdefxT+wxuXUB7flTXSRhlk > RaTC5SrqRlmGSUkm0HaRc61iTh/VZbj1Zw+M+mNw1VwTTUbFOH7gWThkbjWr/yC1 > HJpGe4Cpdm+289ci50Z/IVC7rKe0QsGW4tvpeS3N3lsvEVLj/skg/UIAnr86zU65 > 1VnEAudwqB82viZ0ci+C > =nzel > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to debian-security-announce-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: http://lists.debian.org/e1v8bdm-0008dv...@master.debian.org > >
