Bug 26875 - putty 0.74 update fixes security issue (CVE-2020-14002)
Summary: putty 0.74 update fixes security issue (CVE-2020-14002)
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: David GEIGER
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-06-30 20:24 CEST by David Walser
Modified: 2020-07-10 20:48 CEST (History)
0 users

See Also:
Source RPM: putty-0.73-1.mga7.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2020-06-30 20:24:13 CEST
PuTTY 0.74 has been released on June 27:
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

As usual, it contains a security fix.  Filezilla will also have to be fixed, but it doesn't look like they have done so upstream yet.
Comment 1 David GEIGER 2020-06-30 21:25:45 CEST
putty updated for mga7, waiting for Filezilla upstream fixes!
Comment 2 David Walser 2020-06-30 21:29:34 CEST
putty-0.74-1.mga7 was uploaded.  There's probably a CVE, which upstream doesn't like to list, so hopefully I'll see something from another distro soon.
Comment 3 David Walser 2020-07-08 00:15:51 CEST
Fedora has issued advisories for filezilla and libfilezilla on July 4:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IRKUHQP6O6TGN64SI7PYCKHJT24Y2EY2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IRAC73KPNR4HKTRKJNLIZXCYIP6STUZN/

They updated to filezilla 3.48.1 and libfilezilla 0.22.0.

I'm guessing that's related to this.
Comment 4 David GEIGER 2020-07-08 07:18:41 CEST
Nop upstream filezilla haven't yet ported bundled putty to latest 0.74 release.
Comment 5 David Walser 2020-07-10 20:48:02 CEST
This is CVE-2020-14002.

Fedora has issued an advisory for this on July 9:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/26TACCSQYYCPWAJYNAUIXJGZ5RGORJZV/

Summary: putty 0.74 update fixes security issue => putty 0.74 update fixes security issue (CVE-2020-14002)


Note You need to log in before you can comment on or make changes to this bug.