Security update for putty SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0474-1 Final 1 1 2015-03-03T15:07:46Z current 2015-03-03T15:07:46Z 2015-03-03T15:07:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for putty The SSH Terminal emulator putty was updated to the new upstream release 0.64, fixing security issues and bugs: Security fix: PuTTY no longer retains the private half of users' keys in memory by mistake after authenticating with them. [bsc#920167] (CVE-2015-2157) New feature: Support for SSH connection sharing, so that multiple instances of PuTTY to the same host can share a single SSH connection instead of all having to log in independently. Bug fix: IPv6 literals are handled sensibly throughout the suite, if you enclose them in square brackets to prevent the colons being mistaken for a :port suffix. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-03/msg00032.html E-Mail link for openSUSE-SU-2015:0474-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings putty-0.64-2.4.1 The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. CVE-2015-2157 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-03/msg00032.html https://www.suse.com/security/cve/CVE-2015-2157.html CVE-2015-2157 https://bugzilla.suse.com/920167 SUSE Bug 920167