PuTTY 发布 0.62 版本,修复了将密码保存到内存中的安全漏洞,强烈推荐所有用户升级,详见完整更新日志。消息来源:
The open source SSH client for Windows, PuTTY, has been updated to version 0.62. Developer Simon Tatham announced the bugfix release which includes a fix for a security issue where passwords were retained.
In previous versions of PuTTY, 0.59, 0.60 and 0.61, the password used to log on to an SSH2 server was retained in memory. The password was then retrievable by other programs that could read the memory, or could be found in swap files and crash dumps. The update also fixes non-security-related errors including correcting the rendering of underlines and VT100 line-drawing characters, removing a spurious GSSAPI authentication message, restoring saved sessions, and closing a leak of file mapping handles when authentication failed.
Details of the changes are in the release notes. Pre-built binaries and source code for the MIT-licensed PuTTY are available to download.
The open source SSH client for Windows, PuTTY, has been updated to version 0.62. Developer Simon Tatham announced the bugfix release which includes a fix for a security issue where passwords were retained.
In previous versions of PuTTY, 0.59, 0.60 and 0.61, the password used to log on to an SSH2 server was retained in memory. The password was then retrievable by other programs that could read the memory, or could be found in swap files and crash dumps. The update also fixes non-security-related errors including correcting the rendering of underlines and VT100 line-drawing characters, removing a spurious GSSAPI authentication message, restoring saved sessions, and closing a leak of file mapping handles when authentication failed.
Details of the changes are in the release notes. Pre-built binaries and source code for the MIT-licensed PuTTY are available to download.
