[Fwd: SECURITY UPDATE: PuTTY version 0.57 is released]
From: Joe Klemmer
Date: Sun, 20 Feb 2005 19:34:19 -0500

Just in case anyone missed it through other channels. Please pass on to the 53 List and the DoD Webmasters list (those of you who are on those lists).

-------- Original Message --------
Subject: SECURITY UPDATE: PuTTY version 0.57 is released
Date: Sun, 20 Feb 2005 16:05:30 +0000
From: Simon Tatham
To: putty-announce@lists.tartarus.org

SECURITY UPDATE: PuTTY version 0.57 is released
-----------------------------------------------

All the pre-built binaries, and the source code, are now available from the PuTTY website at

http://www.chiark.greenend.org.uk/~sgtatham/putty/

This is a SECURITY UPDATE. We recommend that _everybody_ upgrade, as soon as possible.

This version fixes a security hole in previous versions of PuTTY, which can allow a malicious SFTP server to attack your client. If you use either PSCP or PSFTP, you should upgrade. Users of the main PuTTY program are not affected. (However, note that the server must have passed host key verification before this attack can be launched, so a man-in-the-middle shouldn't be able to attack you if you're careful.)

This vulnerability was found by iDEFENSE, who we expect to release an advisory on the subject shortly.

In addition to this security patch, there are also a few very minor bug fixes which should stop PuTTY from crashing in circumstances involving port forwarding, or failing to correctly perform X forwarding. Other than that, though, 0.57 is almost identical to the previous release 0.56.

I repeat: PuTTY 0.57 fixes a SERIOUS SECURITY HOLE in many previous versions of PSCP and PSFTP. If you use either of those programs, you should upgrade now.

Enjoy using PuTTY!

Cheers,
Simon

--
Simon Tatham
"The distinction between the enlightened and the terminally confused is only apparent to the latter."

_______________________________________________
PuTTY-announce mailing list
PuTTY-announce@lists.tartarus.org
http://lists.tartarus.org/mailman/listinfo/putty-announce

--
My Useless Vanity Page
http://www.webtrek.com/joe