MGASA-2013-0242

Source
https://advisories.mageia.org/MGASA-2013-0242.html
Import Source
https://advisories.mageia.org/MGASA-2013-0242.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2013-0242
Published
2013-08-09T17:38:37Z
Modified
2013-08-09T17:38:35Z
Summary
Updated putty and filezilla packages fix security vulnerabilities
Details

PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to an integer overflow leading to heap overflow during the SSH handshake before authentication, caused by improper bounds checking of the length parameter received from the SSH server. This allows remote attackers to cause denial of service, and may have more severe impact on the operation of software that uses PuTTY code (CVE-2013-4852).

PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to a heap-corrupting buffer underrun bug in the modmul function which performs modular multiplication (CVE-2013-4206).

PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to a buffer overflow in the calculation of modular inverses when verifying a DSA signature (CVE-2013-4207).

PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - leave private keys in memory after they have been used by PuTTY tools (CVE-2013-4208).

Affected packages

Mageia:2 / putty

Package

Name
putty
Purl
pkg:rpm/mageia/putty?distro=mageia-2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.63-1.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:2 / filezilla

Package

Name
filezilla
Purl
pkg:rpm/mageia/filezilla?distro=mageia-2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.3-1.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / putty

Package

Name
putty
Purl
pkg:rpm/mageia/putty?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.63-1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / filezilla

Package

Name
filezilla
Purl
pkg:rpm/mageia/filezilla?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.3-1.mga3

Ecosystem specific

{
    "section": "core"
}