CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2024/04/15 16:20:50
Modified files:
net/putty : Tag: OPENBSD_7_5 Makefile distinfo
Log message:
update to putty-0.81, fix CVE-2024-31497.
The PuTTY client and all related components generate heavily biased ECDSA
nonces in the case of NIST P-521. To be more precise, the first 9 bits of each
ECDSA nonce are zero. This allows for full secret key recovery in roughly 60
signatures by using state-of-the-art techniques. These signatures can either
be harvested by a malicious server (man-in-the-middle attacks are not possible
given that clients do not transmit their signature in the clear) or from any
other source, e.g. signed git commits through forwarded agents.
"All NIST P-521 client keys used with PuTTY must be considered compromised"
