Security update for putty SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2276-1 Final 1 1 2019-10-07T12:22:30Z current 2019-10-07T12:22:30Z 2019-10-07T12:22:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for putty This update for putty to version 0.73 fixes the following issues: Security issues fixed: - CVE-2019-17068: Fixed the insufficient handling of terminal escape sequences, that should delimit the pasted data in bracketed paste mode (boo#1152753). - CVE-2019-17069: Fixed a possible information leak caused by SSH-1 disconnection messages (boo#1152753). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2276 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SUQ5V2FJFJZ3GWTMWUOQ6WV4D5XRWHAW/#SUQ5V2FJFJZ3GWTMWUOQ6WV4D5XRWHAW E-Mail link for openSUSE-SU-2019:2276-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1152753 SUSE Bug 1152753 https://www.suse.com/security/cve/CVE-2019-17068/ SUSE CVE CVE-2019-17068 page https://www.suse.com/security/cve/CVE-2019-17069/ SUSE CVE CVE-2019-17069 page openSUSE Leap 15.0 putty-0.73-lp150.18.1 putty-0.73-lp150.18.1 as a component of openSUSE Leap 15.0 PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. CVE-2019-17068 openSUSE Leap 15.0:putty-0.73-lp150.18.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SUQ5V2FJFJZ3GWTMWUOQ6WV4D5XRWHAW/#SUQ5V2FJFJZ3GWTMWUOQ6WV4D5XRWHAW https://www.suse.com/security/cve/CVE-2019-17068.html CVE-2019-17068 https://bugzilla.suse.com/1152753 SUSE Bug 1152753 PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. CVE-2019-17069 openSUSE Leap 15.0:putty-0.73-lp150.18.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SUQ5V2FJFJZ3GWTMWUOQ6WV4D5XRWHAW/#SUQ5V2FJFJZ3GWTMWUOQ6WV4D5XRWHAW https://www.suse.com/security/cve/CVE-2019-17069.html CVE-2019-17069 https://bugzilla.suse.com/1152753 SUSE Bug 1152753