Mageia: 2020-0358 Critical: PuTTY Information Leak Security Issue
mageia
September 2, 2020
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation
Summary
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information
leak in the algorithm negotiation. This allows man-in-the-middle attackers to
target initial connection attempts (where no host key for the server has been
cached by the client) (CVE-2020-14002).
References
- https://bugs.mageia.org/show_bug.cgi?id=26875
- https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/26TACCSQYYCPWAJYNAUIXJGZ5RGORJZV/
- https://www.cve.org/CVERecord?id=CVE-2020-14002
Topics Covered
Resolution
SRPMS
- 7/core/putty-0.74-1.mga7
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 02 Sep 2020
URL: https://advisories.mageia.org/MGASA-2020-0358.html
Type: security
CVE: CVE-2020-14002
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!