September 26, 2020

PuTTY 0.74 releases: security & bug fix

2 min read

PuTTY is a free and open-source terminal emulator, serial console and network file transfer application. It supports several network protocols, including SCP, SSH, Telnet, rlogin, and raw socket connection. It can also connect to a serial port. The name “PuTTY” has no official meaning.

PuTTY was originally written for Microsoft Windows, but it has been ported to various other operating systems. Official ports are available for some Unix-like platforms, with work-in-progress ports to Classic Mac OS and macOS, and unofficial ports have been contributed to platforms such as Symbian, Windows Mobile and Windows Phone.

Logevent [CC0], via Wikimedia Commons
PuTTY was written and is maintained primarily by Simon Tatham.PuTTY supports many variations on the secure remote terminal, and provides user control over the SSH encryption key and protocol version, alternate ciphers such as AES, 3DES, Arcfour, Blowfish, DES, and Public-key authentication. PuTTY supports SSO through GSSAPI, including user provided GSSAPI DLLs. It also can emulate control sequences from xterm, VT220, VT102 or ECMA-48 terminal emulation, and allows local, remote, or dynamic port forwarding with SSH (including X11 forwarding). The network communication layer supports IPv6, and the SSH protocol supports the zlib@openssh.com delayed compression scheme. It can also be used with local serial port connections.PuTTY comes bundled with command-line SCP and SFTP clients, called “pscp” and “psftp” respectively, and plink, a command-line connection tool, used for non-interactive sessions.PuTTY does not support session tabs directly, but many wrappers are available that do.

Changelog v0.74

  • Security fix: if an SSH server accepted an offer of a public key and then rejected the signature, PuTTY could access freed memory, if the key had come from an SSH agent.
  • Security feature: new config option to disable PuTTY’s dynamic host key preference policy, if you prefer to avoid giving away to eavesdroppers which hosts you have stored keys for.
  • Bug fix: the installer UI was illegible in Windows high-contrast mode.
  • Bug fix: console password input failed on Windows 7.
  • Bug fixes in the terminal: one instance of the dreaded “line==NULL” error box, and two other assertion failures.
  • Bug fix: potential memory-consuming loop in bug-compatible padding of an RSA signature from an agent.
  • Bug fix: PSFTP’s buffer handling worked badly with some servers (particularly proftpd’s mod_sftp).
  • Bug fix: cursor could be wrongly positioned when restoring from the alternate terminal screen. (A bug of this type was fixed in 0.59; this is a case that that fix missed.)
  • Bug fix: character cell height could be a pixel too small when running GTK PuTTY on Ubuntu 20.04 (or any other system with a similarly up-to-date version of Pango).
  • Bug fix: old-style (low resolution) scroll wheel events did not work in GTK 3 PuTTY. This could stop the scroll wheel working at all in VNC.

Download

PuTTY is copyright 1997-2019 Simon Tatham.