openSUSE-SU-2019:1123-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1123-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2019:1123-1
- Related
- Published
- 2019-04-02T13:58:36Z
- Modified
- 2019-04-02T13:58:36Z
- Summary
- Security update for putty
- Details
-
This update for putty fixes the following issues:
Update to new upstream release 0.71 [boo#1129633]
- CVE-2019-9894: Fixed a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification potential recycling of random numbers used in cryptography.
- CVE-2019-9895: Fixed a remotely triggerable buffer overflow in any kind of server-to-client forwarding.
- CVE-2019-9897: Fixed multiple denial-of-service attacks that can be triggered by writing to the terminal.
- CVE-2019-9898: Fixed potential recycling of random numbers used in cryptography
- CVE-2019-9896 (Windows only): Fixed hijacking by a malicious help file in the same directory as the executable
- Major rewrite of the crypto code to remove cache and timing side channels.
This update was imported from the openSUSE:Leap:15.0:Update update project.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LGXV73N3N22CMABVEV6TXW4UHE243SBS/#LGXV73N3N22CMABVEV6TXW4UHE243SBS
- https://bugzilla.suse.com/1129633
- https://www.suse.com/security/cve/CVE-2019-9894
- https://www.suse.com/security/cve/CVE-2019-9895
- https://www.suse.com/security/cve/CVE-2019-9896
- https://www.suse.com/security/cve/CVE-2019-9897
- https://www.suse.com/security/cve/CVE-2019-9898