Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

openSUSE: 2019:1985-1 moderate security patch for Putty software

opensuse
Calendar Grey August 21, 2019
Dist Opensuse Esm H88
The latest openSUSE update resolves several medium-level vulnerabilities in putty. Security enhancements are part of this release. It is advised to apply the suggested patches promptly.
An update that contains security fixes can now be installed.

Description

This update for putty fixes the following issues:

Update to new upstream release 0.72 [boo#1144547, boo#1144548]

* Fixed two separate vulnerabilities affecting the obsolete SSH-1

protocol, both available before host key checking.

* Fixed a vulnerability in all the SSH client tools (PuTTY, Plink, PSFTP

and PSCP) if a malicious program can impersonate Pageant.

* Fixed a crash in GSSAPI / Kerberos key exchange triggered if the server

provided an ordinary SSH host key as part of the exchange.

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1985=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1985=1

Package List

- openSUSE Leap 15.1 (x86_64):

putty-0.72-lp151.3.3.1

putty-debuginfo-0.72-lp151.3.3.1

putty-debugsource-0.72-lp151.3.3.1

- openSUSE Leap 15.0 (x86_64):

putty-0.72-lp150.15.1

putty-debuginfo-0.72-lp150.15.1

putty-debugsource-0.72-lp150.15.1

References

https://bugzilla.suse.com/1144547

https://bugzilla.suse.com/1144548

--

Severity
medium
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2019:1985-1
Rating: moderate
Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.