Re: SECURITY UPDATE: PuTTY version 0.57 is released
From: Fraser Tweedale (s4054522_at_student.uq.edu.au)
Date: Tue, 22 Feb 2005 08:48:28 +1000

wow... THE Simon Tatham :)
Thanks for the heads up mate!

Simon Tatham wrote:
> SECURITY UPDATE: PuTTY version 0.57 is released
>
> All the pre-built binaries, and the source code, are now available
> from the PuTTY website at
>
> This is a SECURITY UPDATE. We recommend that _everybody_ upgrade, as
> soon as possible.
>
> This version fixes a security hole in previous versions of PuTTY,
> which can allow a malicious SFTP server to attack your client. If
> you use either PSCP or PSFTP, you should upgrade. Users of the main
> PuTTY program are not affected. (However, note that the server must
> have passed host key verification before this attack can be
> launched, so a man-in-the-middle shouldn't be able to attack you if
> you're careful.)
>
> This vulnerability was found by iDEFENSE, who we expect to release
> an advisory on the subject shortly.
>
> In addition to this security patch, there are also a few very minor
> bug fixes which should stop PuTTY from crashing in circumstances
> involving port forwarding, or failing to correctly perform X
> forwarding. Other than that, though, 0.57 is almost identical to the
> previous release 0.56.
>
> I repeat: PuTTY 0.57 fixes a SERIOUS SECURITY HOLE in many previous
> versions of PSCP and PSFTP. If you use either of those programs, you
> should upgrade now.
>
> Enjoy using PuTTY!