diff options
author | Jean-Pierre Giraud <jean-pierregiraud@neuf.fr> | 2023-12-24 16:09:13 +0100 |
---|---|---|
committer | Jean-Pierre Giraud <jean-pierregiraud@neuf.fr> | 2023-12-24 16:09:13 +0100 |
commit | 0865169d016113f866a3e24acc3610deb0565c7e (patch) | |
tree | 706ace05ae42f401110b1cb7ebce80bc37e46571 | |
parent | 848780673d6ccb997d5e950f1211e946808f4b31 (diff) |
[SECURITY] [DSA 5588-1] putty security update
-rw-r--r-- | english/security/2023/dsa-5588.data | 13 | ||||
-rw-r--r-- | english/security/2023/dsa-5588.wml | 31 |
2 files changed, 44 insertions, 0 deletions
diff --git a/english/security/2023/dsa-5588.data b/english/security/2023/dsa-5588.data new file mode 100644 index 00000000000..7aedd1b32b8 --- /dev/null +++ b/english/security/2023/dsa-5588.data @@ -0,0 +1,13 @@ +<define-tag pagetitle>DSA-5588-1 putty</define-tag> +<define-tag report_date>2023-12-24</define-tag> +<define-tag secrefs>CVE-2021-36367 CVE-2023-48795 Bug#990901</define-tag> +<define-tag packages>putty</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + + + +</dl> diff --git a/english/security/2023/dsa-5588.wml b/english/security/2023/dsa-5588.wml new file mode 100644 index 00000000000..8d0a185c851 --- /dev/null +++ b/english/security/2023/dsa-5588.wml @@ -0,0 +1,31 @@ +<define-tag description>security update</define-tag> +<define-tag moreinfo> +<p>Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the +SSH protocol is prone to a prefix truncation attack, known as the +<q>Terrapin attack</q>. This attack allows a MITM attacker to effect a +limited break of the integrity of the early encrypted SSH transport +protocol by sending extra messages prior to the commencement of +encryption, and deleting an equal number of consecutive messages +immediately after encryption starts.</p> + +<p>Details can be found at <a href="https://terrapin-attack.com/">\ +https://terrapin-attack.com/</a>.</p> + +<p>For the oldstable distribution (bullseye), these problems have been fixed +in version 0.74-1+deb11u1. This update includes a fix for +<a href="https://security-tracker.debian.org/tracker/CVE-2021-36367">CVE-2021-36367</a>.</p> + +<p>For the stable distribution (bookworm), these problems have been fixed in +version 0.78-2+deb12u1.</p> + +<p>We recommend that you upgrade your putty packages.</p> + +<p>For the detailed security status of putty please refer to its security +tracker page at: +<a href="https://security-tracker.debian.org/tracker/putty">\ +https://security-tracker.debian.org/tracker/putty</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2023/dsa-5588.data" +# $Id: $ |