Bugzilla – Bug 1029256
VUL-0: CVE-2017-6542: putty: Integer overflow in the ssh_agent_channel_data
Last modified: 2017-03-19 14:07:35 UTC
It was found that putty is vulnerable to an integer overflow. An attacker could overwrite the heap data with his own if the system has SSH agent forwarding and he is able to connect to the Unix-domain socket representing the forwarded agent connection.
This is an autogenerated message for OBS integration:
This bug (1029256) was mentioned in
https://build.opensuse.org/request/show/479460 42.2 / putty
https://build.opensuse.org/request/show/479461 42.1 / putty
release for leap
openSUSE-SU-2017:0741-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1029256
CVE References: CVE-2017-6542
openSUSE Leap 42.2 (src): putty-0.68-12.1
openSUSE Leap 42.1 (src): putty-0.68-12.1