| Description: | Summary:
The remote host is missing an update for the 'putty' package(s) announced via the openSUSE-SU-2024:0005-1 advisory.
Vulnerability Insight:
This update for putty fixes the following issues:
putty was updated to to release 0.80:
* Fix CVE-2023-48795 [boo#1218128]
- Update to release 0.79
* Terminal mouse tracking: support for mouse movements which are
not drags, and support for horizontal scroll events (e.g.
generated by trackpads).
* Fixed: PuTTY could fail an assertion if a resize control
sequence was sent by the server while the window was docked to
one half of the screen in KDE.
* Fixed: PuTTY could fail an assertion if you tried to change the
font size while the window was maximised.
- Update to release 0.78
* Support for OpenSSH certificates, for both user
authentication keys and host keys.
* New SSH proxy modes, for running a custom shell command or
subsystem on the proxy server instead of forwarding a port
through it.
* New plugin system to allow a helper program to provide
responses in keyboard-interactive authentication, intended to
automate one-time password systems.
* Support for NTRU Prime post-quantum key exchange,
* Support for AES-GCM (in the OpenSSH style rather than
RFC 5647).
* Support for more forms of Diffie-Hellman key exchange: new
larger integer groups (such as group16 and group18), and
support for using those and ECDH with GSSAPI.
* Bug fix: server-controlled window title setting now works
again even if the character set is ISO 8859 (or a few other
Affected Software/OS:
'putty' package(s) on openSUSE Leap 15.4.
Solution:
Please install the updated package(s).
CVSS Score:
5.4
CVSS Vector:
AV:N/AC:H/Au:N/C:N/I:C/A:N
|
