Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://hachyderm.io/users/simontatham/statuses/112276855758487211">Simon Tatham (simontatham@hachyderm.io)'s status on Tuesday, 16-Apr-2024 07:59:52 JST</a><a href="https://hachyderm.io/@simontatham" title="simontatham@hachyderm.io"><img src="https://gnusocial.jp/avatar/180597-48-20230930221142.webp" width="48" height="48" alt="Simon Tatham" style="position: absolute; left: 0; top: 0;">Simon Tatham</a></section><article><p>We've released <a href="https://hachyderm.io/tags/PuTTY" rel="tag">#PuTTY</a> version 0.81. This is a SECURITY UPDATE, fixing a <a href="https://hachyderm.io/tags/vulnerability" rel="tag">#vulnerability</a> in ECDSA signing for <a href="https://hachyderm.io/tags/SSH" rel="tag">#SSH</a>.</p><p>If you've used a 521-bit ECDSA key (ecdsa-sha2-nistp521) with any previous version of PuTTY, consider it compromised! Generate a new key pair, and remove the old public key from authorized_keys files.</p><p>Other key types are not affected, even other sizes of ECDSA. In particular, Ed25519 is fine.</p><p>This vulnerability has id CVE-2024-31497. Full information is at <a href="https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html" rel="nofollow noreferrer">https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2945576#notice-5857460">In conversation</a><time datetime="2024-04-16T07:59:52+09:00" title="Tuesday, 16-Apr-2024 07:59:52 JST">about a year ago</time> <span>from <span><a href="https://hachyderm.io/@simontatham/112276855758487211" rel="external" title="Sent from hachyderm.io via ActivityPub">hachyderm.io</a></span></span><a href="https://hachyderm.io/@simontatham/112276855758487211">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html">PuTTY vulnerability vuln-p521-bias</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Simon Tatham (simontatham@hachyderm.io)'s status on Tuesday, 16-Apr-2024 07:59:52 JST Simon Tatham
We've released #PuTTY version 0.81. This is a SECURITY UPDATE, fixing a #vulnerability in ECDSA signing for #SSH.
If you've used a 521-bit ECDSA key (ecdsa-sha2-nistp521) with any previous version of PuTTY, consider it compromised! Generate a new key pair, and remove the old public key from authorized_keys files.
Other key types are not affected, even other sizes of ECDSA. In particular, Ed25519 is fine.
This vulnerability has id CVE-2024-31497. Full information is at https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
In conversationabout a year ago from hachyderm.iopermalink
Attachments
1. No result found on File_thumbnail lookup.
  PuTTY vulnerability vuln-p521-bias

Public

Embed Notice

HTML Code

Corresponding Notice