1. Forum
  2. Usenet
  3. LINUX.GENTOO.ANNOUNCE

  • [gentoo-announce] [ GLSA 202407-11 ] PuTTY: Multiple Vulnerabilities

    From glsamaker@gentoo.org@21:1/5 to All on Fri Jul 5 08:50:01 2024
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202407-11
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: High
    Title: PuTTY: Multiple Vulnerabilities
    Date: July 05, 2024
    Bugs: #920304, #930082
    ID: 202407-11

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been discovered in PuTTY, the worst of
    which could lead to compromised keys.

    Background
    ==========

    PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator.

    Affected packages
    =================

    Package Vulnerable Unaffected
    -------------- ------------ ------------
    net-misc/putty < 0.81 >= 0.81

    Description
    ===========

    Multiple vulnerabilities have been discovered in PuTTY. Please review
    the CVE identifiers referenced below for details.

    Impact
    ======

    Please review the referenced CVE identifiers for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All PuTTY users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/putty-0.81"

    In addition, any keys generated with PuTTY versions 0.68 to 0.80 should
    be considered breached and should be regenerated.

    References
    ==========

    [ 1 ] CVE-2023-48795
    https://nvd.nist.gov/vuln/detail/CVE-2023-48795
    [ 2 ] CVE-2024-31497
    https://nvd.nist.gov/vuln/detail/CVE-2024-31497

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202407-11

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License
    =======

    Copyright 2024 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmaHlk4ACgkQFMQkOaVy +9nCxBAAgNeK4BjZxIoWa5quyz0NOrHpnXHhRPA2f+ac9ZQofKSrLwjm0Cp3LEId XLHl62LFFt7YdEby8a6QQrkz2j8wrFwlmAJWfyZ1E0M+MTNp0+krZ3SRwy7CWSaU wND0gB5P2MDEn0fOdft96I3wOXkxaeZEle7esUR+blzOXrhwW8XRgBNp70yMm1UC +2uljCQnfZ6FmATYe213ZlizMEQ/duLDqYYu9hRzUSadAOJyHjqUvBbfaJm2NFu2 FRyDqvWkjc5cEXk6//yNE6eNtWZdj8+QkwgCGlF1FIlaRR62WAeHJYgqHbCWejHr 0OeKb7wt02XL1pzE35X+cTyk6D2EBwJo4UYTYY6BBQijyIP5nWtvGnyY1FTMLa1R /YA1KvIfIQvTK8zbcUX+J6L4vWnOdGYC/bQdbOH3QuOdc2cRZNAAWbhUCybrN9Hi +yjSaUhd4nIuuyWXTSWeWuu9uXtuq8ARgHUqVCAHSpXgZIcp+LyFiPJTbNQxd+jT yd38L7Z2bLwH3pj5EPlFMzP0/qxC8+OaRpEt4n/Gn47AzXIN40BTsWLgPncqy60i tBdy3YDereskyBZDm17HN4shtgmWnf7QjVizLShLE8WRz0de310ZxOvkkAT0mk68 /Z9Qr5QPojPZ+JqoFn7LdgQeE3Ki1AVv5enaiou5waEdTYJBM9Y=
    =cdFG
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)