{"affected":[{"ecosystem_specific":{"binaries":[{"putty":"0.72-bp151.4.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15","name":"putty","purl":"pkg:rpm/suse/putty&distro=SUSE%20Package%20Hub%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.72-bp151.4.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"putty":"0.72-bp151.4.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP1","name":"putty","purl":"pkg:rpm/suse/putty&distro=SUSE%20Package%20Hub%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.72-bp151.4.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for putty fixes the following issues:\n\nUpdate to new upstream release 0.72 [boo#1144547, boo#1144548]\n\n* Fixed two separate vulnerabilities affecting the obsolete\n  SSH-1 protocol, both available before host key checking.\n* Fixed a vulnerability in all the SSH client tools (PuTTY,\n  Plink, PSFTP and PSCP) if a malicious program can impersonate\n  Pageant.\n* Fixed a crash in GSSAPI / Kerberos key exchange triggered if\n  the server provided an ordinary SSH host key as part of the\n  exchange.\n\nThis update was imported from the openSUSE:Leap:15.0:Update update project.","id":"openSUSE-SU-2019:2017-1","modified":"2019-08-26T18:19:50Z","published":"2019-08-26T18:19:50Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JCG72FA36GGTI6UG4T327DVEQLC4Z2XM/#JCG72FA36GGTI6UG4T327DVEQLC4Z2XM"},{"type":"REPORT","url":"https://bugzilla.suse.com/1144547"},{"type":"REPORT","url":"https://bugzilla.suse.com/1144548"}],"related":[],"summary":"Recommended update for putty","upstream":[]}