|
Les commentaires appartiennent à leurs auteurs. Nous ne sommes pas responsables de leur contenu.
Auteur | Commentaire en débat |
---|---|
jasonliu777 | Posté le: 20/07/2019 11:47 Mis à jour: 20/07/2019 11:47 |
Expert
Inscrit le: 06/09/2017
De: China
Contributions: 1376
|
v 0.72
v 0.72 (released 2019-07-20):
Security fixes found by the EU-funded bug bounty:
two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking
a vulnerability in all the SSH client tools (PuTTY, Plink, PSFTP and PSCP) if a malicious program can impersonate Pageant
Bug fix: crash in GSSAPI / Kerberos key exchange affecting third-party GSSAPI providers on Windows (such as MIT Kerberos for Windows)
Bug fix: crash in GSSAPI / Kerberos key exchange triggered if the server provided an ordinary SSH host key as part of the exchange
Bug fix: trust sigils were never turned off in SSH-1 or Rlogin
Bug fix: trust sigils were never turned back on if you used Restart Session
Bug fix: PSCP in SCP download mode could create files with a spurious newline at the end of their names
Bug fix: PSCP in SCP download mode with the -p option would generate spurious complaints about illegal file renaming
Bug fix: the initial instruction message was never printed during SSH keyboard-interactive authentication
Bug fix: pasting very long lines through connection sharing could crash the downstream PuTTY window
Bug fix: in keyboard layouts with a ',' key on the numeric keypad (e.g. German), Windows PuTTY would generate '.' instead for that key
Bug fix: PuTTYgen could generate RSA keys with a modulus one bit shorter than requested
|
jasonliu777 | Posté le: 29/10/2022 13:36 Mis à jour: 29/10/2022 13:37 |
Expert
Inscrit le: 06/09/2017
De: China
Contributions: 1376
|
PuTTY 0.78
v 0.78 (released 2022-10-29):
Support for OpenSSH certificates, for both user authentication keys and host keys.
New SSH proxy modes, for running a custom shell command or subsystem on the proxy server instead of forwarding a port through it.
New plugin system to allow a helper program to provide responses in keyboard-interactive authentication, intended to automate one-time password systems.
Support for NTRU Prime post-quantum key exchange,
Support for AES-GCM (in the OpenSSH style rather than RFC 5647).
Support for more forms of Diffie-Hellman key exchange: new larger integer groups (such as group16 and group18), and support for using those and ECDH with GSSAPI.
Bug fix: the 32-bit Windows build now runs on Windows XP again.
Bug fix: server-controlled window title setting now works again even if the character set is ISO 8859 (or a few other affected single-byte character sets).
Bug fix: certain forms of OSC escape sequences (sent by some real servers) could cause PuTTY to crash.
Bug fix: the -pwfile/-pw options no longer affect local key passphrase prompts, and no longer suppress Plink's anti-spoofing measures.
Note: installing the 0.78 or later Windows installer will not automatically uninstall 0.77 or earlier, due to a change we've made to work around a bug. We recommend uninstalling the old version first, if possible. If both end up installed, uninstalling both and then re-installing the new version will fix things up.
|