FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

putty -- add protocol extension against 'Terrapin attack'

Affected packages
putty < 0.80
putty-nogtk < 0.80

Details

VuXML ID: 91955195-9ebb-11ee-bc14-a703705db3a6
Discovery: 2023-10-16
Entry: 2023-12-19

Simon Tatham reports:

PuTTY version 0.80 [contains] one security fix [...] for a newly discovered security issue known as the 'Terrapin' attack, also numbered CVE-2023-48795. The issue affects widely-used OpenSSH extensions to the SSH protocol: the ChaCha20+Poly1305 cipher system, and 'encrypt-then-MAC' mode.

In order to benefit from the fix, you must be using a fixed version of PuTTY _and_ a server with the fix, so that they can agree to adopt a modified version of the protocol. [...]

References

CVE Name: CVE-2023-48795
URL: https://lists.tartarus.org/pipermail/putty-announce/2023/000037.html
URL: https://terrapin-attack.com/
URL: https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
URL: https://www.openssh.com/txt/release-9.6