Alerts This Week
Warning Icon 1 1,161
Alerts This Week
Warning Icon 1 1,161

Gentoo: GLSA-202407-11 High Severity PuTTY Security Issues

gentoo
Calendar Grey July 5, 2024
Dist Gentoo Esm H88
Review Gentoo GLSA 202407-11 regarding essential patches and security risks associated with PuTTY that demand prompt attention.
Multiple vulnerabilities have been discovered in PuTTY, the worst of which could lead to compromised keys.

Summary

Multiple vulnerabilities have been discovered in PuTTY. Please review the CVE identifiers referenced below for details.

Topics%20covered

Topics Covered

security advisory high severity update multiple issues Gentoo Linux SSH client PuTTY

Resolution

All PuTTY users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/putty-0.81"
In addition, any keys generated with PuTTY versions 0.68 to 0.80 should be considered breached and should be regenerated.

References

[ 1 ] CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 [ 2 ] CVE-2024-31497 https://nvd.nist.gov/vuln/detail/CVE-2024-31497

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202407-11
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: High
Title: PuTTY: Multiple Vulnerabilities
Date: July 05, 2024
Bugs: #920304, #930082
ID: 202407-11

Topics%20covered

Topics Covered

security advisory high severity update multiple issues Gentoo Linux SSH client PuTTY

Synopsis

Multiple vulnerabilities have been discovered in PuTTY, the worst of which could lead to compromised keys.

Background

PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Package Vulnerable Unaffected -------------- ------------ ------------ net-misc/putty < 0.81 >= 0.81

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Your message here