putty-0.76-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11201 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z putty-0.76-1.2 on GA media These are all security issues fixed in the putty-0.76-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11201 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11201 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-6542/ SUSE CVE CVE-2017-6542 page https://www.suse.com/security/cve/CVE-2019-17068/ SUSE CVE CVE-2019-17068 page https://www.suse.com/security/cve/CVE-2019-17069/ SUSE CVE CVE-2019-17069 page openSUSE Tumbleweed putty-0.76-1.2 putty-0.76-1.2 as a component of openSUSE Tumbleweed The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow. CVE-2017-6542 openSUSE Tumbleweed:putty-0.76-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-6542.html CVE-2017-6542 https://bugzilla.suse.com/1029256 SUSE Bug 1029256 PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. CVE-2019-17068 openSUSE Tumbleweed:putty-0.76-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-17068.html CVE-2019-17068 https://bugzilla.suse.com/1152753 SUSE Bug 1152753 PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. CVE-2019-17069 openSUSE Tumbleweed:putty-0.76-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-17069.html CVE-2019-17069 https://bugzilla.suse.com/1152753 SUSE Bug 1152753