Jon (j_b) wrote,

Serious Security Hole in PuTTY

From their site:
PuTTY 0.56, released 10-26, fixes a serious security hole which can allow a server to execute code of its choice on a PuTTY client connecting to it. In SSH2, the attack can be performed before host key verification, meaning that even if you trust the server you think you are connecting to, a different machine could be impersonating it and could launch the attack before you could tell the difference. We recommend everybody upgrade to 0.56 as soon as possible.
Everyone reading this: Please grab a new copy of PuTTY from here(link goes to a mirror)
(this mostly for the benefit of my users who read this ;)
  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded