ID de Prueba:	1.3.6.1.4.1.25623.1.0.856086
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (openSUSE-SU-2024:0111-1)
Resumen:	The remote host is missing an update for the 'putty' package(s) announced via the openSUSE-SU-2024:0111-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'putty' package(s) announced via the openSUSE-SU-2024:0111-1 advisory. Vulnerability Insight: This update for putty fixes the following issues: Update to release 0.81 * Fix CVE-2024-31497: NIST P521 / ecdsa-sha2-nistp521 signatures are no longer generated with biased values of k. The previous bias compromises private keys. Affected Software/OS: 'putty' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 5.4 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-31497 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZS3B37GNGWOOV7QU7B7JFK76U4TOP4V/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WFDZBV7ZCAZ6AH3VCQ34SSY7L3J7VZXZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WMJH7M663BVO3SY6MFAW2FAZWLLXAPRQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUOTQVGC4DISVHQGSPUYGXO6TLDK65LA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHILY2K7HQGQRHOC375KRRG2M6625RD/ https://bugzilla.redhat.com/show_bug.cgi?id=2275183 https://bugzilla.suse.com/show_bug.cgi?id=1222864 https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-agent-forwarding/key-generation-and-agent-forwarding-with-putty https://filezilla-project.org/versions.php https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27&p=simon/putty.git https://github.com/advisories/GHSA-6p4c-r453-8743 https://github.com/daedalus/BreakingECDSAwithLLL https://news.ycombinator.com/item?id=40044665 https://security-tracker.debian.org/tracker/CVE-2024-31497 https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/ https://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter9.html#pageant-forward https://tortoisegit.org https://twitter.com/CCBalert/status/1780229237569470549 https://twitter.com/lambdafu/status/1779969509522133272 https://winscp.net/eng/news.php https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/ https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html https://www.openwall.com/lists/oss-security/2024/04/15/6 https://www.reddit.com/r/sysadmin/comments/1c4wmoj/putty_vulnerability_affecting_v068_to_v08/ https://lists.debian.org/debian-lts-announce/2024/06/msg00014.html http://www.openwall.com/lists/oss-security/2024/04/15/6
Copyright	Copyright (C) 2024 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.