The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PuTTy Security update released :: 0.57 ::

Discussion in 'Security' started by deborahgsmith, Feb 20, 2005.

  1. deborahgsmith

    deborahgsmith Member

    May 18, 2004
    Likes Received:
    Trophy Points:
    SE Michigan
    SECURITY UPDATE: PuTTY version 0.57 is released

    All the pre-built binaries, and the source code, are now available
    from the PuTTY website at

    This is a SECURITY UPDATE. We recommend that _everybody_ upgrade, as
    soon as possible.

    This version fixes a security hole in previous versions of PuTTY,
    which can allow a malicious SFTP server to attack your client. If
    you use either PSCP or PSFTP, you should upgrade. Users of the main
    PuTTY program are not affected. (However, note that the server must
    have passed host key verification before this attack can be
    launched, so a man-in-the-middle shouldn't be able to attack you if
    you're careful.)

    This vulnerability was found by iDEFENSE, who we expect to release
    an advisory on the subject shortly.

    In addition to this security patch, there are also a few very minor
    bug fixes which should stop PuTTY from crashing in circumstances
    involving port forwarding, or failing to correctly perform X
    forwarding. Other than that, though, 0.57 is almost identical to the
    previous release 0.56.

    I repeat: PuTTY 0.57 fixes a SERIOUS SECURITY HOLE in many previous
    versions of PSCP and PSFTP. If you use either of those programs, you
    should upgrade now.

    Enjoy using PuTTY!

    Simon Tatham "The distinction between the enlightened and the
    <> terminally confused is only apparent to the latter."

    PuTTY-announce mailing list

Share This Page