Advisories ยป MGASA-2016-0112

Updated putty packages fix CVE-2016-2563

Publication date: 16 Mar 2016
Modification date: 16 Mar 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-2563

Description

Updated putty package fixes security vulnerability:

Many versions of PSCP in PuTTY prior to 0.67 have a stack corruption
vulnerability in their treatment of the 'sink' direction (i.e. downloading
from server to client) of the old-style SCP protocol. In order for this
vulnerability to be exploited, the user must connect to a malicious server
and attempt to download any file (CVE-2016-2563).

The putty package has been updated to version 0.67 to fix this issue and a
few other bugs.  The halibut package has been updated to version 1.1 to build
the documentation.
                

References

SRPMS

5/core