Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  nodelist  faq  login

Avoid the Gates of Hell. Use Linux -- unknown source


computers / comp.security.ssh / PuTTY 0.74 is released

SubjectAuthor
* PuTTY 0.74 is releasedSimon Tatham
`- Re: PuTTY 0.74 is releasedhelen.buus

1
Subject: PuTTY 0.74 is released
From: Simon Tatham
Newsgroups: comp.security.ssh
Date: Sat, 27 Jun 2020 07:31 UTC
Path: i2pn2.org!i2pn.org!paganini.bofh.team!news.etla.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!.POSTED!not-for-mail
From: ana...@pobox.com (Simon Tatham)
Newsgroups: comp.security.ssh
Subject: PuTTY 0.74 is released
Date: 27 Jun 2020 08:31:07 +0100 (BST)
Lines: 62
Message-ID: <xdE*U1BVx@news.chiark.greenend.org.uk>
NNTP-Posting-Host: chiark.greenend.org.uk
X-Trace: chiark.greenend.org.uk 1593243069 30775 212.13.197.229 (27 Jun 2020 07:31:09 GMT)
X-Complaints-To: abuse@chiark.greenend.org.uk
NNTP-Posting-Date: Sat, 27 Jun 2020 07:31:09 +0000 (UTC)
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: simon@tunnel.thyestes.tartarus.org ([172.31.80.4])
View all headers
PuTTY version 0.74 is released
------------------------------

All the pre-built binaries, and the source code, are now available
from the PuTTY website at

    https://www.chiark.greenend.org.uk/~sgtatham/putty/

This is a bug fix release, and also a minor security update, fixing
two SSH-related issues.

This release fixes the following security issues:

 - In some situations an SSH server could cause PuTTY to access freed
   mdmory by pretending to accept an SSH key and then refusing the
   actual signature. It can only happen if you're using an SSH agent.

 - New configuration option to disable PuTTY's default policy of
   changing its host key algorithm preferences to prefer keys it
   already knows. (There is a theoretical information leak in this
   policy.)

Other bug fixes include:

 - Windows installer: the text in the installer UI is now visible in
   Windows high-contrast mode. (Previously it was white on white by
   mistake.)

 - Windows 7: fixed spurious OS out-of-memory error when reading
   passwords from a Windows console (e.g. psftp).

 - Terminal crash: the dreaded "line==NULL" error could happen if an
   application switched between the main and alternate screens while
   the user was looking at the scrollback.

 - Terminal crash: the terminal could fail an assertion when sending
   an empty answerback string, and when pasting text none of whose
   characters exist in the selected character set.

 - SSH: fixed endless memory-allocating loop that could be triggered
   by the combination of a misbehaving SSH agent and PuTTY's bug
   compatibility mode for padded RSA signatures.

 - File transfer: when uploading files to some SFTP servers (e.g. the
   one in proftpd's mod_sftp), PSFTP would consume up to 4GB of local
   memory before sending anything to the server.

 - Terminal behaviour: sometimes the cursor was put in the wrong place
   after restoring from the alternate screen.

 - GTK: fixed font size calculation when using newer Pango libraries
   (e.g. the one on Ubuntu 20.04).

 - GTK: scroll wheel events now work in unusual environments like VNC.

Enjoy using PuTTY!

--
import hashlib; print((lambda p,q,g,y,r,s,m: (lambda w:(pow(g,int(hashlib.sha1(
m.encode('ascii')).hexdigest(),16)*w%q,p)*pow(y,r*w%q,p)%p)%q)(pow(s,q-2,q))==r
and m)(0xb80b5dacabab6145,0xf70027d345023,0x7643bc4018957897,0x11c2e5d9951130c9
,0xa54d9cbe4e8ab,0x746c50eaa1910,      "Simon Tatham <anakin@pobox.com>"     ))


Subject: Re: PuTTY 0.74 is released
From: helen.b...@gmail.com
Newsgroups: comp.security.ssh
Date: Sun, 12 Jul 2020 21:12 UTC
References: 1
X-Received: by 2002:ac8:60c5:: with SMTP id i5mr11472281qtm.268.1594588379482;
Sun, 12 Jul 2020 14:12:59 -0700 (PDT)
X-Received: by 2002:a37:4683:: with SMTP id t125mr77678530qka.416.1594588379262;
Sun, 12 Jul 2020 14:12:59 -0700 (PDT)
Path: i2pn2.org!i2pn.org!weretis.net!feeder7.news.weretis.net!proxad.net!feeder1-2.proxad.net!209.85.160.216.MISMATCH!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.security.ssh
Date: Sun, 12 Jul 2020 14:12:58 -0700 (PDT)
In-Reply-To: <xdE*U1BVx@news.chiark.greenend.org.uk>
Complaints-To: groups-abuse@google.com
Injection-Info: google-groups.googlegroups.com; posting-host=96.27.23.91; posting-account=zcqa9QoAAACORor6hkz5KOwz_UB1lkRT
NNTP-Posting-Host: 96.27.23.91
References: <xdE*U1BVx@news.chiark.greenend.org.uk>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <86811cd6-dba4-4f25-8194-797e91bc45edo@googlegroups.com>
Subject: Re: PuTTY 0.74 is released
From: helen.b...@gmail.com
Injection-Date: Sun, 12 Jul 2020 21:12:59 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
View all headers
On Saturday, June 27, 2020 at 3:31:10 AM UTC-4, Simon Tatham wrote:
PuTTY version 0.74 is released
------------------------------
<snip>
 - New configuration option to disable PuTTY's default policy of
   changing its host key algorithm preferences to prefer keys it
   already knows. (There is a theoretical information leak in this
   policy.)
<snip>

Is there an easy way to make this the default policy for all existing saved sessions and to make it the default policy for any new sessions? I've been experimenting with it, and right now the only thing that seems to work is to load a saved session, go the the "Host keys" panel, uncheck the option, go back to the Session panel and save the session. I've got about a dozen saved sessions, and checking the option one session at a time is going to get tedious. Also, I haven't figured out how to change the default behavior for future saved sessions.

YIA


1
rocksolid light 0.7.2
clearneti2ptor