MGASA-2015-0098

Source
https://advisories.mageia.org/MGASA-2015-0098.html
Import Source
https://advisories.mageia.org/MGASA-2015-0098.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2015-0098
Related
Published
2015-03-06T18:08:57Z
Modified
2015-03-06T18:00:17Z
Summary
Updated putty and filezilla packages fix CVE-2015-2157
Details

Updated putty and filezilla packages fix security vulnerability:

PuTTY suite versions 0.51 to 0.63 fail to clear SSH-2 private key information from memory when loading and saving key files to disk, leading to potential disclosure. The issue affects keys stored on disk in encrypted and unencrypted form, and is present in PuTTY, Plink, PSCP, PSFTP, Pageant and PuTTYgen (CVE-2015-2157).

The putty package has been updated to version 0.64, fixing this and other issues. The filezilla package, which contains a bundled version of PuTTY, has also been updated, to version 3.10.2.

References
Credits

Affected packages

Mageia:4 / putty

Package

Name
putty
Purl
pkg:rpm/mageia/putty?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.64-1.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / filezilla

Package

Name
filezilla
Purl
pkg:rpm/mageia/filezilla?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.10.2-1.mga4

Ecosystem specific

{
    "section": "core"
}