xpra icon
Bug tracker and wiki

This bug tracker and wiki are being discontinued
please use https://github.com/Xpra-org/xpra instead.


Opened 2 years ago

Closed 2 years ago

Last modified 6 months ago

#2222 closed defect (fixed)

update putty to v0.71

Reported by: Antoine Martin Owned by: Antoine Martin
Priority: blocker Milestone: 2.5
Component: packaging Version: 2.4.x
Keywords: Cc:

Description

PuTTY in your hands: SSH client gets patched after RSA key exchange memory vuln spotted: That really is a 'game over' level vulnerability for a secure network protocol: a MITM attacker could bypass the SSH host key system completely.

Change History (2)

comment:1 Changed 2 years ago by Antoine Martin

Resolution: fixed
Status: newclosed

The problem is that we use the tortoisesvn builds of putty so that we get a GUI for password and key confirmation.
Since we can't wait for them to make a new release, r22126 switches to paramiko as default on win32 (now identical to all the other platforms).

To go back to the previous behaviour, and ignoring the serious security vulnerability (...), use xpra --ssh="C:\Program Files\Xpra\Plink.exe -ssh -noagent".

comment:2 Changed 6 months ago by migration script

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/2222

Note: See TracTickets for help on using tickets.