Jon (j_b) wrote,

Serious Security Hole in PuTTY

From their site:
PuTTY 0.56, released 10-26, fixes a serious security hole which can allow a server to execute code of its choice on a PuTTY client connecting to it. In SSH2, the attack can be performed before host key verification, meaning that even if you trust the server you think you are connecting to, a different machine could be impersonating it and could launch the attack before you could tell the difference. We recommend everybody upgrade to 0.56 as soon as possible.
Everyone reading this: Please grab a new copy of PuTTY from here(link goes to a mirror)
(this mostly for the benefit of my users who read this ;)
  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.