MGASA-2013-0242

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2013-0242.html

Import Source

https://advisories.mageia.org/MGASA-2013-0242.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2013-0242

Related

Published

2013-08-09T17:38:37Z

Modified

2013-08-09T17:38:35Z

Summary

Updated putty and filezilla packages fixes security vulnerability

Details

PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to an integer overflow leading to heap overflow during the SSH handshake before authentication, caused by improper bounds checking of the length parameter received from the SSH server. This allows remote attackers to cause denial of service, and may have more severe impact on the operation of software that uses PuTTY code (CVE-2013-4852).

PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to a heap-corrupting buffer underrun bug in the modmul function which performs modular multiplication (CVE-2013-4206).

PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to a buffer overflow vulnerability in the calculation of modular inverses when verifying a DSA signature (CVE-2013-4207).

PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to private keys left in memory after being used by PuTTY tools (CVE-2013-4208).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:2 / putty

Package

Name: putty
Purl: pkg:rpm/mageia/putty?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.63-1.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:2 / filezilla

Package

Name: filezilla
Purl: pkg:rpm/mageia/filezilla?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.3-1.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / putty

Package

Name: putty
Purl: pkg:rpm/mageia/putty?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.63-1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / filezilla

Package

Name: filezilla
Purl: pkg:rpm/mageia/filezilla?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.3-1.mga3

Ecosystem specific

{
    "section": "core"
}