openSUSE Security Update : putty (openSUSE-2019-1985)

medium Nessus Plugin ID 128110

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for putty fixes the following issues :

Update to new upstream release 0.72 [boo#1144547, boo#1144548]

- Fixed two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking.

- Fixed a vulnerability in all the SSH client tools (PuTTY, Plink, PSFTP and PSCP) if a malicious program can impersonate Pageant.

- Fixed a crash in GSSAPI / Kerberos key exchange triggered if the server provided an ordinary SSH host key as part of the exchange.

Solution

Update the affected putty packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1144547

https://bugzilla.opensuse.org/show_bug.cgi?id=1144548

Plugin Details

Severity: Medium

ID: 128110

File Name: openSUSE-2019-1985.nasl

Version: 1.2

Type: Local

Agent: unix

Published: 8/23/2019

Updated: 9/23/2020

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Vulnerability Information

CPE: cpe:/o:novell:opensuse:15.1, p-cpe:/a:novell:opensuse:putty-debuginfo, p-cpe:/a:novell:opensuse:putty, p-cpe:/a:novell:opensuse:putty-debugsource

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 8/21/2019

Vulnerability Publication Date: 8/21/2019