V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
Quaintjade
V2EX  ›  信息安全

PuTTY 发布 0.71 版,修复了一些安全漏洞

  •  
  •   Quaintjade · 2019-03-19 22:13:24 +08:00 · 2385 次点击
    这是一个创建于 2082 天前的主题,其中的信息可能已经有所发展或是发生改变。

    用 PuTTY 的可以去更新了。


    These features are new in 0.71 (released 2019-03-16):**

    • Security fixes found by an EU-funded bug bounty programme:
      • a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification
      • potential recycling of random numbers used in cryptography
      • on Windows, hijacking by a malicious help file in the same directory as the executable
      • on Unix, remotely triggerable buffer overflow in any kind of server-to-client forwarding
      • multiple denial-of-service attacks that can be triggered by writing to the terminal
    • Other security enhancements: major rewrite of the crypto code to remove cache and timing side channels.
    • User interface changes to protect against fake authentication prompts from a malicious server.
    • We now provide pre-built binaries for Windows on Arm.
    • Hardware-accelerated versions of the most common cryptographic primitives: AES, SHA-256, SHA-1.
    • GTK PuTTY now supports non-X11 displays (e.g. Wayland) and high-DPI configurations.
    • Type-ahead now works as soon as a PuTTY window is opened: keystrokes typed before authentication has finished will be buffered instead of being dropped.
    • Support for GSSAPI key exchange: an alternative to the older GSSAPI authentication system which can keep your forwarded Kerberos credentials updated during a long session.
    • More choices of user interface for clipboard handling.
    • New terminal features: support the REP escape sequence (fixing an ncurses screen redraw failure), true colour, and SGR 2 dim text.
    • Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you straight to the top or bottom of the terminal scrollback.
    目前尚无回复
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2864 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 21ms · UTC 06:40 · PVG 14:40 · LAX 22:40 · JFK 01:40
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.