GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Wed Aug 21, 2013 12:26 pm Post subject: [ GLSA 201308-01 ] PuTTY: Multiple Vulnerabilities |
|
|
Gentoo Linux Security Advisory
Title: PuTTY: Multiple Vulnerabilities (GLSA 201308-01)
Severity: normal
Exploitable: local, remote
Date: August 21, 2013
Bug(s): #394429, #479872
ID: 201308-01
Synopsis
Multiple vulnerabilities have been found in Putty, allowing
attackers to compromise user system
Background
PuTTY is a telnet and SSH client.
Affected Packages
Package: net-misc/putty
Vulnerable: < 0.63
Unaffected: >= 0.63
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in PuTTY. Please review
the CVE identifiers referenced below for details.
Impact
An attacker could entice a user to open connection to specially crafted
SSH server, possibly resulting in execution of arbitrary code with the
privileges of the process or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All PuTTY users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/putty-0.63"
|
References
CVE-2011-4607
CVE-2013-4852
Last edited by GLSA on Sun Feb 22, 2015 4:31 am; edited 3 times in total |
|