Bugzilla – Bug 1029256
VUL-0: CVE-2017-6542: putty: Integer overflow in the ssh_agent_channel_data
Last modified: 2017-03-19 14:07:35 UTC
It was found that putty is vulnerable to an integer overflow. An attacker could overwrite the heap data with his own if the system has SSH agent forwarding and he is able to connect to the Unix-domain socket representing the forwarded agent connection.

Upstream patch:
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=4ff22863d895cb7ebfced4cf923a012a614adaa8

References:
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html
https://bugzilla.redhat.com/show_bug.cgi?id=1431716
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6542
This is an autogenerated message for OBS integration:
This bug (1029256) was mentioned in
https://build.opensuse.org/request/show/479460 42.2 / putty
https://build.opensuse.org/request/show/479461 42.1 / putty
update running
release for leap
openSUSE-SU-2017:0741-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1029256
CVE References: CVE-2017-6542
Sources used:
openSUSE Leap 42.2 (src): putty-0.68-12.1
openSUSE Leap 42.1 (src): putty-0.68-12.1