{"id":"MGASA-2019-0153","summary":"Updated putty/filezilla/wxgtk packages fix security vulnerability","details":"A remotely triggerable memory overwrite in RSA key exchange in PuTTY before\n0.71 can occur before host key verification (CVE-2019-9894).\n\nIn PuTTY versions before 0.71 on Unix, a remotely triggerable buffer\noverflow exists in any kind of server-to-client forwarding (CVE-2019-9895).\n\nMultiple denial-of-service attacks that can be triggered by writing to the\nterminal exist in PuTTY versions before 0.71 (CVE-2019-9897).\n\nPotential recycling of random numbers used in cryptography exists within\nPuTTY before 0.71 (CVE-2019-9898).\n\nThe putty package has been updated to version 0.71 and the filezilla package\nhas been updated and patched to fix these issues.\n\nwxgtk has been updated to fix an assert when starting filezilla.\n","modified":"2026-04-16T01:46:03.748284426Z","published":"2019-05-07T21:38:09Z","upstream":["CVE-2019-9894","CVE-2019-9895","CVE-2019-9897","CVE-2019-9898"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0153.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24547"},{"type":"WEB","url":"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LDO3F267P347E6U2IILFCYW7JPTLCCES/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TBPZ6RAMBOJAKKPJ54MPIPJTXNB2T6FW/"},{"type":"WEB","url":"https://trac.wxwidgets.org/ticket/17942"}],"affected":[{"package":{"name":"putty","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/putty?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.71-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0153.json"}},{"package":{"name":"filezilla","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/filezilla?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.31.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0153.json"}},{"package":{"name":"libfilezilla","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/libfilezilla?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.12.1-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0153.json"}},{"package":{"name":"wxgtk","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/wxgtk?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.3.1-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0153.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}