advisories/20525.adv

type: security
subject: Updated putty packages fix security vulnerability
CVE:
 - CVE-2017-6542
src:
  5:
   core:
     - putty-0.68-1.mga5
description: |
  In PuTTY before 0.68, if SSH agent forwarding is enabled, local attackers
  that are also able to connect to the UNIX domain socket could have
  overwritten heap data (CVE-2017-6542).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=20525
 - http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html
 - http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
ID: MGASA-2017-0093
1	type: security
2	subject: Updated putty packages fix security vulnerability
3	CVE:
4	- CVE-2017-6542
5	src:
6	5:
7	core:
8	- putty-0.68-1.mga5
9	description: \|
10	In PuTTY before 0.68, if SSH agent forwarding is enabled, local attackers
11	that are also able to connect to the UNIX domain socket could have
12	overwritten heap data (CVE-2017-6542).
13	references:
14	- https://bugs.mageia.org/show_bug.cgi?id=20525
15	- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html
16	- http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
17	ID: MGASA-2017-0093