MATTA-2015-002
Florent Daigniere discovered that PuTTY did not enforce an
acceptable range for the Diffie-Hellman server value, as required by
RFC 4253, potentially allowing an eavesdroppable connection to be
established in the event of a server weakness.
#779488,
CVE-2015-2157
Patrick Coleman discovered that PuTTY did not clear SSH-2 private
key information from memory when loading and saving key files, which
could result in disclosure of private key material.
For Debian 6 Squeeze, these issues have been fixed in putty version 0.60+2010-02-20-1+squeeze3
CPE | Name | Operator | Version |
---|---|---|---|
putty | eq | 0.60+2010-02-20-1+squeeze1 | |
putty | eq | 0.60+2010-02-20-1 | |
putty | eq | 0.60+2010-02-20-1+squeeze2 |