Putty 0.71 released 16/03/2019

Discussion in 'other software & services' started by longshots, Mar 17, 2019.

  1. longshots

    longshots Registered Member

    Joined:
    Oct 20, 2017
    Posts:
    240
    Location:
    Australia
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    30,557
    PuTTY in your hands: SSH client gets patched after RSA key exchange memory vuln spotted
    Bunch of bugs stomped with version 0.71
    March 19, 2019
    https://www.theregister.co.uk/2019/03/19/putty_patched_rsa_key_exchange_vuln/
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    30,557
    Putty v0.73 Released (September 29, 2019)
    Website
    Changelog
    Download
    These features are new in 0.73 (released 2019-09-29):
    • Security fix: on Windows, other applications were able to bind to the same TCP port as a PuTTY local port forwarding.
    • Security fix: in bracketed paste mode, the terminal escape sequences that should delimit the pasted data were appearing together on one side of it, making it possible to misidentify pasted data as manual keyboard input.
    • Bug fix (possibly security-related): an SSH-1 server sending a disconnection message could cause an access to freed memory.
    • Bug fix: Windows Plink would crash on startup if it was acting as a connection-sharing downstream.
    • Bug fix: Windows PuTTY now updates its terminal window size correctly if the screen resolution changes while it's maximised.
    • Bug fix: tweaked terminal handling to prevent lost characters at the ends of lines in gcc's coloured error messages.
    • Bug fix: removed a bad interaction between the 'clear scrollback' operation and mouse selection that could give rise to the dreaded "line==NULL" assertion box.
    These features were new in 0.72 (released 2019-07-20):
    • Security fixes found by the EU-funded bug bounty:
      • two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking
      • a vulnerability in all the SSH client tools (PuTTY, Plink, PSFTP and PSCP) if a malicious program can impersonate Pageant
    • Bug fix: crash in GSSAPI / Kerberos key exchange affecting third-party GSSAPI providers on Windows (such as MIT Kerberos for Windows)
    • Bug fix: crash in GSSAPI / Kerberos key exchange triggered if the server provided an ordinary SSH host key as part of the exchange
    • Bug fix: trust sigils were never turned off in SSH-1 or Rlogin
    • Bug fix: trust sigils were never turned back on if you used Restart Session
    • Bug fix: PSCP in SCP download mode could create files with a spurious newline at the end of their names
    • Bug fix: PSCP in SCP download mode with the -p option would generate spurious complaints about illegal file renaming
    • Bug fix: the initial instruction message was never printed during SSH keyboard-interactive authentication
    • Bug fix: pasting very long lines through connection sharing could crash the downstream PuTTY window
    • Bug fix: in keyboard layouts with a ',' key on the numeric keypad (e.g. German), Windows PuTTY would generate '.' instead for that key
    • Bug fix: PuTTYgen could generate RSA keys with a modulus one bit shorter than requested
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    30,557
    KiTTY (a fork of PuTTY)
    Website (GitHub)
    The very first requested features
    • Sessions filter
    • Portability
    • Shortcuts for pre-defined command
    • The session launcher
    • Automatic logon script
    • Automatic logon script with the RuTTY patch
    • URL hyperlinks
    Technical features
    • Automatic password
    • Automatic command
    • Running a locally saved script on a remote session
    • ZModem integration
    Graphical features
    • An icon for each session
    • Send to tray
    • Transparency
    • Protection against unfortunate keyboard input
    • Roll-up
    • Always visible
    • Quick start of a duplicate session
    • Enhanced Configuration Box
    Other features
    • Automatic saving
    • SSH Handler: Internet Explorer integration
    • pscp.exe and WinSCP integration
    • Binary compression
    • Clipboard printing
    • The PuTTYCyg patch
    • Background image
    • File association
    • Other settings
    • New command-line options
    Bonus
    • A light chat server is hidden in KiTTY
    • A hidden text editor is integrated into KiTTY
     
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    30,557
    Putty v0.74 Released (June 27, 2020)
    Website
    Changelog
    Download

    These features are new in 0.74 (released 2020-06-27):
    • Security fix: if an SSH server accepted an offer of a public key and then rejected the signature, PuTTY could access freed memory, if the key had come from an SSH agent.
    • Security feature: new config option to disable PuTTY's dynamic host key preference policy, if you prefer to avoid giving away to eavesdroppers which hosts you have stored keys for.
    • Bug fix: the installer UI was illegible in Windows high-contrast mode.
    • Bug fix: console password input failed on Windows 7.
    • Bug fixes in the terminal: one instance of the dreaded "line==NULL" error box, and two other assertion failures.
    • Bug fix: potential memory-consuming loop in bug-compatible padding of an RSA signature from an agent.
    • Bug fix: PSFTP's buffer handling worked badly with some servers (particularly proftpd's mod_sftp).
    • Bug fix: cursor could be wrongly positioned when restoring from the alternate terminal screen. (A bug of this type was fixed in 0.59; this is a case that that fix missed.)
    • Bug fix: character cell height could be a pixel too small when running GTK PuTTY on Ubuntu 20.04 (or any other system with a similarly up-to-date version of Pango).
    • Bug fix: old-style (low resolution) scroll wheel events did not work in GTK 3 PuTTY. This could stop the scroll wheel working at all in VNC.
    PuTTY -- Release 0.74 fixes two security vulnerabilities
    http://www.vuxml.org/freebsd/6190c0cd-b945-11ea-9401-2dcf562daa69.html
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.