[Bug 1467631] Re: CVE-2015-2157 - SSH2 Private Keys Not Properly Wiped from Memory

Launchpad Bug Tracker Tue, 23 Jun 2015 05:41:59 -0700

This bug was fixed in the package putty - 0.63-8ubuntu0.1

---------------
putty (0.63-8ubuntu0.1) utopic-security; urgency=medium


  * SECURITY UPDATE: PuTTY did not properly wipe SSH-2 Private Keys from
    system memory, which can allow local users to obtain sensitive information
    by reading the memory. (LP: #1467631)
    - debian/patches/private-key-not-wiped-2.patch: Add in fix patch from
      Debian 0.63-10 packaging.  Thanks to Patrick Coleman for the original
      patch.
    - CVE-2015-2157

 -- Thomas Ward <tew...@ubuntu.com>  Mon, 22 Jun 2015 14:12:25 -0400

** Changed in: putty (Ubuntu Utopic)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1467631

Title:
  CVE-2015-2157 - SSH2 Private Keys Not Properly Wiped from Memory

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/putty/+bug/1467631/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1467631] Re: CVE-2015-2157 - SSH2 Private Keys Not Properly Wiped from Memory

Reply via email to