Er is een nieuwe release van PuTTY beschikbaar gekomen. PuTTY is een van de populairste telnet- en ssh-clients, waarmee het mogelijk is om een computer over een beveiligde verbinding op afstand te beheren. Oorspronkelijk was het programma alleen beschikbaar voor Windows, maar er zijn tegenwoordig ook clients voor de diverse Unix-platforms. De changelog voor sinds versie 0.71 kan hieronder worden gevonden.
These features are new in 0.73:
These features were new in 0.72:
- Security fix: on Windows, other applications were able to bind to the same TCP port as a PuTTY local port forwarding.
- Security fix: in bracketed paste mode, the terminal escape sequences that should delimit the pasted data were appearing together on one side of it, making it possible to misidentify pasted data as manual keyboard input.
- Bug fix (possibly security-related): an SSH-1 server sending a disconnection message could cause an access to freed memory.
- Bug fix: Windows Plink would crash on startup if it was acting as a connection-sharing downstream.
- Bug fix: Windows PuTTY now updates its terminal window size correctly if the screen resolution changes while it's maximised.
- Bug fix: tweaked terminal handling to prevent lost characters at the ends of lines in gcc's coloured error messages.
- Bug fix: removed a bad interaction between the 'clear scrollback' operation and mouse selection that could give rise to the dreaded "line==NULL" assertion box.
- Security fixes found by the EU-funded bug bounty:
- two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking
- a vulnerability in all the SSH client tools (PuTTY, Plink, PSFTP and PSCP) if a malicious program can impersonate Pageant
- Bug fix: crash in GSSAPI / Kerberos key exchange affecting third-party GSSAPI providers on Windows (such as MIT Kerberos for Windows)
- Bug fix: crash in GSSAPI / Kerberos key exchange triggered if the server provided an ordinary SSH host key as part of the exchange
- Bug fix: trust sigils were never turned off in SSH-1 or Rlogin
- Bug fix: trust sigils were never turned back on if you used Restart Session
- Bug fix: PSCP in SCP download mode could create files with a spurious newline at the end of their names
- Bug fix: PSCP in SCP download mode with the -p option would generate spurious complaints about illegal file renaming
- Bug fix: the initial instruction message was never printed during SSH keyboard-interactive authentication
- Bug fix: pasting very long lines through connection sharing could crash the downstream PuTTY window
- Bug fix: in keyboard layouts with a ',' key on the numeric keypad (e.g. German), Windows PuTTY would generate '.' instead for that key
- Bug fix: PuTTYgen could generate RSA keys with a modulus one bit shorter than requested