Advisories » MGASA-2017-0093

Updated putty packages fix security vulnerability

Publication date: 27 Mar 2017
Modification date: 27 Mar 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-6542

Description

In PuTTY before 0.68, if SSH agent forwarding is enabled, local attackers
that are also able to connect to the UNIX domain socket could have
overwritten heap data (CVE-2017-6542).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20525
• http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html
• http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6542

SRPMS

5/core

• putty-0.68-1.mga5