List: putty-announce
Subject: PuTTY 0.67 is released
From: Simon Tatham <anakin () pobox ! com>
Date: 2016-03-05 8:54:21
Message-ID: 1457168004-sup-8307 () atreus ! tartarus ! org
[Download RAW message or body]
PuTTY version 0.67 is released
------------------------------
All the pre-built binaries, and the source code, are now available
from the PuTTY website at
http://www.chiark.greenend.org.uk/~sgtatham/putty/
This is a SECURITY UPDATE. We recommend that everybody upgrade, as
soon as possible.
This release fixes a security hole in PSCP, in the old-style SCP
protocol. A server sending a malformed header before the contents of
the file could overrun a buffer exploitably in PSCP. [CVE-2016-2563]
In addition to fixing that vulnerability, this release has other
security-related updates:
- Windows PuTTY now sets its process ACL more restrictively, in an
attempt to defend against malicious other processes reading
sensitive data out of its memory.
- We have started using Authenticode to sign our Windows executables
and installer. They should show a verified publisher name of 'Simon
Tatham'.
- Assorted other fixes for crash-type bugs (but none known to be
exploitable).
Enjoy using PuTTY!
Cheers,
Simon
--
import hashlib; print (lambda p,q,g,y,r,s,m: m if (lambda w:(pow(g,int(hashlib.
sha1(m).hexdigest(),16)*w%q,p)*pow(y,r*w%q,p)%p)%q)(pow(s,q-2,q))==r else "!"
)(0xb80b5dacabab6145, 0xf70027d345023, 0x7643bc4018957897, 0x11c2e5d9951130c9,
0xa54d9cbe4e8ab, 0x746c50eaa1910, "Simon Tatham <anakin@pobox.com>")
_______________________________________________
PuTTY-announce mailing list
PuTTY-announce@lists.tartarus.org
http://lists.tartarus.org/mailman/listinfo/putty-announce
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic