Bugzilla – Bug 833567
VUL-0: CVE-2013-4852: putty: Integer overflow results in heap-based buffer overflow
Last modified: 2015-02-18 22:33:39 UTC
"PuTTY versions 0.62 and earlier - as well as all software that
integrates these versions of PuTTY - are vulnerable to an integer overflow
leading to heap overflow during the SSH handshake before authentication,
caused by improper bounds checking of the length parameter received from the
This allows remote attackers to cause denial of service, and may have more
severe impact on the operation of software that uses PuTTY code."
Fix available in the SVN.
Turns out I am not the maintainer, but here we go.. updated to 0.63 which was released just now:
SR to X11:Utilities https://build.opensuse.org/request/show/186142
MR for 12.3: https://build.opensuse.org/request/show/186144
Not so fast.
MR for 12.3 is now 186147.
This is an autogenerated message for OBS integration:
This bug (833567) was mentioned in
https://build.opensuse.org/request/show/186147 Maintenance /
Since this fixes a security issue, I changed the needinfo to our security team.
update accepted, waiting in 7 day queue
openSUSE-SU-2013:1355-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 833567
CVE References: CVE-2013-4852
openSUSE 12.3 (src): putty-0.63-2.4.1