首页   注册   登录
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX  ›  信息安全

PuTTY 发布 0.71 版,修复了一些安全漏洞

  •  
  •   Quaintjade · 67 天前 · 330 次点击
    这是一个创建于 67 天前的主题,其中的信息可能已经有所发展或是发生改变。

    用 PuTTY 的可以去更新了。


    These features are new in 0.71 (released 2019-03-16):**

    • Security fixes found by an EU-funded bug bounty programme:
      • a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification
      • potential recycling of random numbers used in cryptography
      • on Windows, hijacking by a malicious help file in the same directory as the executable
      • on Unix, remotely triggerable buffer overflow in any kind of server-to-client forwarding
      • multiple denial-of-service attacks that can be triggered by writing to the terminal
    • Other security enhancements: major rewrite of the crypto code to remove cache and timing side channels.
    • User interface changes to protect against fake authentication prompts from a malicious server.
    • We now provide pre-built binaries for Windows on Arm.
    • Hardware-accelerated versions of the most common cryptographic primitives: AES, SHA-256, SHA-1.
    • GTK PuTTY now supports non-X11 displays (e.g. Wayland) and high-DPI configurations.
    • Type-ahead now works as soon as a PuTTY window is opened: keystrokes typed before authentication has finished will be buffered instead of being dropped.
    • Support for GSSAPI key exchange: an alternative to the older GSSAPI authentication system which can keep your forwarded Kerberos credentials updated during a long session.
    • More choices of user interface for clipboard handling.
    • New terminal features: support the REP escape sequence (fixing an ncurses screen redraw failure), true colour, and SGR 2 dim text.
    • Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you straight to the top or bottom of the terminal scrollback.
    目前尚无回复
    关于   ·   FAQ   ·   API   ·   我们的愿景   ·   广告投放   ·   感谢   ·   实用小工具   ·   2290 人在线   最高记录 5043   ·  
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.3 · 28ms · UTC 08:07 · PVG 16:07 · LAX 01:07 · JFK 04:07
    ♥ Do have faith in what you're doing.
    沪ICP备16043287号-1