2015-03-06
ALT-BU-2015-2340-1
Branch t7 update bulletin.
Closed vulnerabilities
Published: 2015-03-27
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-2157
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.
Severity: LOW (2.1)
References:
- FEDORA-2015-3070
- FEDORA-2015-3070
- FEDORA-2015-3204
- FEDORA-2015-3204
- FEDORA-2015-3160
- FEDORA-2015-3160
- openSUSE-SU-2015:0474
- openSUSE-SU-2015:0474
- http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
- http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html
- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html
- DSA-3190
- DSA-3190
- [oss-security] 20150228 CVE Request: PuTTY fails to clear private key information from memory
- [oss-security] 20150228 CVE Request: PuTTY fails to clear private key information from memory
- [oss-security] 20150228 Re: CVE Request: PuTTY fails to clear private key information from memory
- [oss-security] 20150228 Re: CVE Request: PuTTY fails to clear private key information from memory
- 72825
- 72825