novaBBS - comp.security.ssh - PuTTY 0.76 is released

PuTTY 0.76 is released

comp.security.ssh

Path: i2pn2.org!i2pn.org!aioe.org!nntp.terraraq.uk!nntp-feed.chiark.greenend.org.uk!ewrotcd!.POSTED!not-for-mail
From: anakin@pobox.com (Simon Tatham)
Newsgroups: comp.security.ssh
Subject: PuTTY 0.76 is released
Date: 17 Jul 2021 11:57:11 +0100 (BST)
Lines: 57
Message-ID: <pUh*H3kpy@news.chiark.greenend.org.uk>
NNTP-Posting-Host: chiark.greenend.org.uk
X-Trace: chiark.greenend.org.uk 1626519433 7910 212.13.197.229 (17 Jul 2021 10:57:13 GMT)
X-Complaints-To: abuse@chiark.greenend.org.uk
NNTP-Posting-Date: Sat, 17 Jul 2021 10:57:13 +0000 (UTC)
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: simon@tunnel.thyestes.tartarus.org ([172.31.80.4])
Xref: rslight2 comp.security.ssh:238

by: Simon Tatham - Sat, 17 Jul 2021 10:57 UTC

PuTTY version 0.76 is released
------------------------------

All the pre-built binaries, and the source code, are now available
from the PuTTY website at

https://www.chiark.greenend.org.uk/~sgtatham/putty/

This is almost entirely a bug fix release based on 0.75. It also
contains one minor new feature with potential security use:

- Option to abandon an SSH connection if the server allows you to
authenticate in a trivial manner (with no passwords, responses or
signatures of any kind). This kind of authentication is sometimes
legitimate, but can also be used by malicious servers to spoof
parts of the real authentication. PuTTY's main defence against this
is the trust sigils introduced in 0.71, but this new option
provides an extra line of defence.

Bugs fixed in this release include:

- Windows PuTTY: turning on the 'Use system colours' config option
caused PuTTY to crash immediately on opening the terminal window.

- Windows PuTTY: named pipes used to communicate with Pageant were
kept open for the lifetime of the PuTTY process, causing a leak of
handles and potentially causing Pageant to hang if too many were
active at once.

- Windows PuTTY: if you used the mouse to 'hold down' the buttons at
the ends of the terminal's scrollbar, the window would fail to
update until you let go of the mouse button again.

- Changing the colour palette in mid-session using the 'Change
Settings' dialog box would not take effect immediately, but instead
would delay until a palette reset happened for some other reason.

- Changing the colour palette under server control could be
unreliable if multiple changes were sent very quickly.

- Any of the tools reading a private key file could tight-loop by
accident if the file was incomplete (e.g. missing its final
newline).

- Windows Pageant: the GUI key list window forgot to specify the
lengths of the stored keys.

- Windows: if you used MIT Kerberos for Windows, the 'Restart
Session' function would cause a crash inside the Kerberos library.

Enjoy using PuTTY!

--
for k in [pow(x,37,0x1a1298d262b49c895d47f) for x in [0x50deb914257022de7fff,
0x213558f2215127d5a2d1, 0x90c99e86d08b91218630, 0x109f3d0cfbf640c0beee7,
0xc83e01379a5fbec5fdd1, 0x19d3d70a8d567e388600e, 0x534e2f6e8a4a33155123]]:
print("".join([chr(32+3*((k>>x)&1))for x in range(79)])) # <anakin@pobox.com>

User hostile.

devel / comp.security.ssh / PuTTY 0.76 is released