Vulnwatch mailing list archives

Security issue with PuTTY v.54


From: vulnwatch () exocet ca
Date: Wed, 4 Aug 2004 09:03:33 -0700 (PDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Haven't seen this on the Vulnwatch list yet, so:

PuTTY v.54 apparently has a rather serious security issue.  Lifted
straight from the author's web site:


"2004-08-03 SECURITY HOLE, fixed in PuTTY 0.55

"PuTTY 0.55, released today, fixes a serious security hole which may
allow a server to execute code of its choice on a PuTTY client
connecting to it. In SSH2, the attack can be performed before host key
verification, meaning that even if you trust the server you think you
are connecting to, a different machine could be impersonating it and
could launch the attack before you could tell the difference. We
recommend everybody upgrade to 0.55 as soon as possible."

PuTTY can be downloaded from the author's site at:
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html


- --
Sent via Mozilla v1.7
Deepthought: Debian GNU/Linux (Services: SSH, DNS, IMAP, Web!)
The PGP signature verifies that I, not an imposter, sent this email.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBEQhmGuSF7OL+BegRAjd3AKDaDBU9oMYycCuYkDj4ornJIYwJkgCg/Dqh
Y253hMoVNWPwZPvA4oqtd8U=
=jDWy
-----END PGP SIGNATURE-----



