Advisories » MGASA-2015-0442

Updated putty packages fix security vulnerability

Publication date: 10 Nov 2015
Modification date: 10 Nov 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5309

Description

Versions of PuTTY 0.54 and 0.65 inclusive have a potentially
memory-corrupting integer overflow in the handling of the ECH (erase
characters) control sequence in the terminal emulator (CVE-2015-5309).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17114
• http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html
• http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5309

SRPMS

5/core

• putty-0.66-1.mga5