[Yeah, PuTTY doesn't run under Linux, but then all the people I know who use PuTTY use it to connect to Linux boxen anyway :) So for all you underprivileged types who have to run Winduhs for some reason even though your heart lies in the great open spaces of kernel source, please upgrade PuTTY -- Raju]
This is an RFC 1153 digest. (1 message) ---------------------------------------------------------------------- Message-ID: <[EMAIL PROTECTED]> From: Anatole Shaw <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: PuTTY SSH client vulnerability Date: Tue, 26 Oct 2004 23:02:22 -0400 >From http://www.chiark.greenend.org.uk/~sgtatham/putty/ ====================================================================== 2004-10-26 ANOTHER SECURITY HOLE, fixed in PuTTY 0.56 PuTTY 0.56, released today, fixes a serious security hole which can allow a server to execute code of its choice on a PuTTY client connecting to it. In SSH2, the attack can be performed before host key verification, meaning that even if you trust the server you think you are connecting to, a different machine could be impersonating it and could launch the attack before you could tell the difference. We recommend everybody upgrade to 0.56 as soon as possible. That's two really bad holes in three months. I'd like to apologise to all our users for the inconvenience. ====================================================================== ------------------------------ End of this Digest ****************** -- Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves ------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
