MGASA-2015-0098
- Source
- https://advisories.mageia.org/MGASA-2015-0098.html
- Import Source
- https://advisories.mageia.org/MGASA-2015-0098.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2015-0098
- Related
- Published
- 2015-03-06T18:08:57Z
- Modified
- 2015-03-06T18:00:17Z
- Summary
- Updated putty and filezilla packages fix CVE-2015-2157
- Details
-
Updated putty and filezilla packages fix security vulnerability:
PuTTY suite versions 0.51 to 0.63 fail to clear SSH-2 private key information from memory when loading and saving key files to disk, leading to potential disclosure. The issue affects keys stored on disk in encrypted and unencrypted form, and is present in PuTTY, Plink, PSCP, PSFTP, Pageant and PuTTYgen (CVE-2015-2157).
The putty package has been updated to version 0.64, fixing this and other issues. The filezilla package, which contains a bundled version of PuTTY, has also been updated, to version 3.10.2.
- References
-
- https://advisories.mageia.org/MGASA-2015-0098.html
- https://bugs.mageia.org/show_bug.cgi?id=15394
- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html
- http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
- http://openwall.com/lists/oss-security/2015/02/28/4
- https://filezilla-project.org/newsfeed.php
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:4 / putty
Package
- Name
- putty
- Purl
- pkg:rpm/mageia/putty?distro=mageia-4
Mageia:4 / filezilla
Package
- Name
- filezilla
- Purl
- pkg:rpm/mageia/filezilla?distro=mageia-4