Tracker »
Bug 1039 – Upgrade to PuTTY 0.63
:
General
:
Unspecified
:
Enhancement
:
High
:
0
2013-08-13 18:23
https://winscp.net/forum/viewtopic.php?t=12746
Changes in PuTTY 0.63:
- Four security fixes:
- vuln-modmul, vuln-bignum-division-by-zero, private-key-not-wiped: The fix will be included in WinSCP 5.1.7 and WinSCP 5.2.4 beta
- vuln-signature-stringlen: Is fixed in WinSCP 5.1.6 and WinSCP 5.2.2 beta
- Port-forwarding fix: Planned to be fixed in WinSCP 5.2.4 beta or later
- The remaining changes are irrelevant to WinSCP or internal only
- Four security fixes:
- vuln-modmul, vuln-bignum-division-by-zero, private-key-not-wiped: The fix will be included in WinSCP 5.1.7 and WinSCP 5.2.4 beta
- vuln-signature-stringlen: Is fixed in WinSCP 5.1.6 and WinSCP 5.2.2 beta
- Port-forwarding fix: Planned to be fixed in WinSCP 5.2.4 beta or later
- The remaining changes are irrelevant to WinSCP or internal only
Vulnerabilities fixed
See Bug 1017 for vuln-signature-stringlen vulnerability.
References for other three vulnerabilities:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
Bundled private key tools (PuTTYgen and Pageant) will be upgraded to 0.63 with WinSCP 5.1.7 and WinSCP 5.2.4 beta.