PuTTY 0.71 released: fixes multiple critical vulnerabilities


Logevent [CC0], via Wikimedia Commons

PuTTY is a free and open-source terminal emulator, serial console and network file transfer application. It supports several network protocols, including SCP, SSH, Telnet, rlogin, and raw socket connection. It can also connect to a serial port. The name “PuTTY” has no official meaning.

PuTTY was originally written for Microsoft Windows, but it has been ported to various other operating systems. Official ports are available for some Unix-like platforms, with work-in-progress ports to Classic Mac OS and macOS, and unofficial ports have been contributed to platforms such as Symbian, Windows Mobile and Windows Phone.

PuTTY was written and is maintained primarily by Simon Tatham.

PuTTY supports many variations on the secure remote terminal, and provides user control over the SSH encryption key and protocol version, alternate ciphers such as AES, 3DES, Arcfour, Blowfish and DES, and public-key authentication. PuTTY supports SSO through GSSAPI, including user-provided GSSAPI DLLs. It can also emulate control sequences from xterm, VT220, VT102 or ECMA-48 terminal emulation, and allows local, remote, or dynamic port forwarding with SSH (including X11 forwarding). The network communication layer supports IPv6, and the SSH protocol supports the zlib@openssh.com delayed compression scheme. It can also be used with local serial port connections.

PuTTY comes bundled with command-line SCP and SFTP clients, called “pscp” and “psftp” respectively, and with plink, a command-line connection tool used for non-interactive sessions.

PuTTY does not support session tabs directly, but many wrappers are available that do.

Changelog v0.71

This release fixes multiple security vulnerabilities. Most were found
by contributors to a HackerOne bug bounty programme funded by the EU.
Thanks to everybody who reported bugs, to HackerOne for organising it,
and to the EU for the funding!

Vulnerabilities fixed in this release include:

 - A malicious server could trigger a buffer overrun by abusing the
   RSA key exchange protocol. This would happen before host key
   verification, so even if you trust the server you *intended* to
   connect to, you would still be at risk.

 - A malicious server could trigger a buffer overflow in Unix PuTTY by
   opening a very large number of port forwardings.

 - A malicious program able to write to the server-side terminal could
   deny service to the rest of the SSH session, by making PuTTY's
   terminal emulation code fail an assertion in at least two different
   ways, or by making it consume large amounts of memory and CPU.

 - Windows builds of PuTTY were vulnerable to hijacking if an attacker
   could arrange to drop a malicious Windows help file (.chm) in the
   same directory. Running PuTTY directly out of your browser's
   download directory, for example, might make this possible.

Other security-related improvements:

 - The cryptography code has been substantially rewritten to eliminate
   cache and timing side channels.

 - PuTTY has a new system for making legitimate authentication prompts
   distinguishable from fakes sent by the server (e.g. to try to trick
   you into sending information like private key passphrases over the
   wire). This involves displaying 'trust sigils' (in the form of the
   PuTTY icon) on lines of the terminal window that contain data
   originated by PuTTY itself, and a precautionary prompt before
   starting the main login session when using Plink interactively.
   (That prompt can be turned off if it's an inconvenience.)

 - By default, PuTTY now sanitises control characters out of data
   pasted into the terminal data; output sent to standard error by the
   server in Plink, PSCP and PSFTP; and filenames transmitted from the
   server by PSCP and PSFTP.

Other improvements:

 - We now provide builds of PuTTY for Windows on Arm, as well as for
   x86-64 and x86 Windows.

 - The GTK version of PuTTY now runs on non-X11 displays like Wayland,
   and understands high-DPI configurations.

 - You can now type ahead in a PuTTY window as soon as it opens, and
   your keystrokes will no longer be discarded. Instead, PuTTY will
   buffer them until either the login prompts or the main server
   session can use them.

 - PuTTY implements hardware-accelerated versions of the AES, SHA-256,
   and SHA-1 cryptographic functions, on both x86 and Arm platforms.

 - SSH user authentication prompts and banner messages are now allowed
   to contain printable characters outside US-ASCII.

 - PuTTY now supports Kerberos authentication via GSSAPI key exchange
   as an alternative to the previous GSSAPI user authentication
   system. This allows a Kerberos ticket forwarded to the SSH server
   to be kept up to date during a long-running SSH session.

 - Richer colour support in the terminal emulator: it now supports
   true colour, dim text via the SGR 2 sequence, and a query sequence
   that lets a server find out how many colours the terminal provides.

 - The terminal now supports the REP escape sequence to print the same
   character many times, which up-to-date versions of ncurses expect.

 - The terminal has more flexible clipboard / selection handling. You
   can now configure PuTTY not to automatically copy text to the
   clipboard as soon as you select it (i.e. to behave more like a
   normal Windows program). In the GTK version, you can configure
   which of the system clipboards PuTTY uses, or even configure
   different copy/paste keys to access different clipboards.

 - Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you straight
   to the top or bottom of the terminal scrollback.


PuTTY is copyright 1997-2019 Simon Tatham.
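
The changelog's item on sanitising control characters out of server-supplied filenames and standard-error output can be illustrated with a small filter. This is an added example, not PuTTY's implementation or code from the release notes; the function name `strip_ctrl`, the `?` substitute and the sample strings are assumptions constructed for illustration, and input is assumed to be UTF-8.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not PuTTY's code. Copies UTF-8 input to out,
 * substituting `sub` for every terminal control character: C0 (0x00-0x1F),
 * DEL, and C1 (U+0080-U+009F, encoded in UTF-8 as C2 80..C2 9F).
 * Output is truncated to outcap-1 bytes and always NUL-terminated.
 * Returns the number of control characters replaced. */
static size_t strip_ctrl(const char *in, size_t inlen, char *out,
                         size_t outcap, int keep_newline, char sub)
{
    size_t o = 0, replaced = 0;
    if (outcap == 0)
        return 0;
    for (size_t i = 0; i < inlen && o + 1 < outcap; i++) {
        unsigned char c = (unsigned char)in[i];
        int is_ctrl = 0;
        if (c < 0x20 || c == 0x7F) {
            /* ESC, BEL, CR, BS ...; a bare LF may be kept for stderr text */
            is_ctrl = !(keep_newline && c == '\n');
        } else if (c == 0xC2 && i + 1 < inlen &&
                   (unsigned char)in[i + 1] >= 0x80 &&
                   (unsigned char)in[i + 1] <= 0x9F) {
            /* C1 control such as U+009B, the single-character CSI */
            is_ctrl = 1;
            i++; /* skip the continuation byte as well */
        }
        out[o++] = is_ctrl ? sub : (char)c;
        replaced += (size_t)is_ctrl;
    }
    out[o] = '\0';
    return replaced;
}

int main(void)
{
    /* Constructed samples: a server-supplied filename carrying "clear
     * screen" and "cursor home" sequences, and a stderr line with C1 CSI. */
    const char name[] = "notes\x1b[2J\x1b[Hok.txt";
    const char errl[] = "warn: \xc2\x9b" "31mdisk full\r\n";
    char buf[64];
    size_t n = strip_ctrl(name, sizeof name - 1, buf, sizeof buf, 0, '?');
    printf("%zu replaced: %s\n", n, buf);
    n = strip_ctrl(errl, sizeof errl - 1, buf, sizeof buf, 1, '?');
    printf("%zu replaced: %s", n, buf);
    return 0;
}
```

Printable non-ASCII text such as accented filenames passes through unchanged, because only the `C2 80`..`C2 9F` range is treated as control data.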