{ "schema_version": "1.7.0", "id": "MGASA-2026-0210", "published": "2026-06-15T15:56:35Z", "modified": "2026-06-15T15:04:09Z", "summary": "Updated putty packages fix security vulnerabilities", "details": "ECDSA signature verification can be made to fail an assertion.\nServer can provoke a double free in RSA KEX code.\nTelnet session data is marked with trust sigils after authenticating to\na proxy.\nPuTTY Ed25519 Signature ecc-ssh.c eddsa_verify signature verification.\n(CVE-2026-4115)\n", "upstream": [ "CVE-2026-4115" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2026-0210.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=35585" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2026/05/24/11" }, { "type": "WEB", "url": "https://lists.tartarus.org/pipermail/putty-announce/2026/000042.html" }, { "type": "WEB", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rsakex-double-free.html" }, { "type": "WEB", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/telnet-trust-sigil.html" }, { "type": "WEB", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/eddsa-overlarge-s.html" } ], "affected": [ { "package": { "ecosystem": "Mageia:9", "name": "putty", "purl": "pkg:rpm/mageia/putty?arch=source&distro=mageia-9" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.84-1.mga9" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }