PuTTY is one of the most used open-source client programs for remotely accessing computers over the secure SSH network protocol from Windows workstations. I use it very often to connect to embedded Linux devices and Linux servers.
Based on the latest news, it is now a very good idea to update it to the latest version, 0.71:
PuTTY Releases Important Software Update to Patch 8 High-Severity Flaws
https://thehackernews.com/2019/03/putty-software-hacking.html
The popular SSH client program PuTTY has released the latest version of its software that includes security patches for 8 high-severity security vulnerabilities.
If you use PuTTY, make sure you download and use the latest version of it. You can find downloads by going to https://www.putty.org or https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/
By the way, PuTTY is one of the open-source programs covered by the EU-run bug bounty program, which aims to find and fix bugs in 14 important open-source software projects. The EU-Free and Open Source Software Auditing (EU-FOSSA) project is designed to improve the security of free software.
1 Comment
Tomi Engdahl says:
Multiple Vulnerabilities Patched in PuTTY and LibSSH2
https://www.securityweek.com/multiple-vulnerabilities-patched-putty-and-libssh2
PuTTY, an SSH and Telnet client program, and LibSSH2, a client-side C library for the SSH2 protocol, have both received updates fixing multiple vulnerabilities. Eight vulnerabilities have been fixed in version 0.71 of PuTTY, and nine vulnerabilities fixed in version 1.8.1 of LibSSH2.
Seven of the eight PuTTY vulnerabilities were found through the auspices of the EU-FOSSA bug bounty project being operated through HackerOne and Intigriti/Deloitte.
The PuTTY scheme runs from 7 January 2019 until 15 December 2019. Its total available bounty is €90,000, which is the highest single amount in the scheme.
Three of the eight PuTTY vulnerabilities allow DoS attacks against it. The three conditions are: if a CJK wide character is written to a 1-column-wide terminal; combining characters, double-width text, an odd number of terminal columns, and GTK; and if many Unicode combining characters are written to the terminal.