lunes, 12 de diciembre de 2011
Security problem in PuTTY SSH client fixed
The open source SSH client for Windows, PuTTY, has been updated to version 0.62. Developer Simon Tatham announced the bugfix release which includes a fix for a security issue where passwords were retained.
In previous versions of PuTTY, 0.59, 0.60 and 0.61, the password used to log on to an SSH2 server was retained in memory. The password was then retrievable by other programs that could read the memory, or could be found in swap files and crash dumps. The update also fixes non-security-related errors including correcting the rendering of underlines and VT100 line-drawing characters, removing a spurious GSSAPI authentication message, restoring saved sessions, and closing a leak of file mapping handles when authentication failed.
Details of the changes are in the release notes. Pre-built binaries and source code for the MIT-licensed PuTTY are available to download.