Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-4208

The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.

Related bugs and status

CVE-2013-4208 (Candidate) is related to these bugs:

Bug #1209196: Update to Filezilla 3.7.3

Summary				In	Importance	Status
	1209196	Update to Filezilla 3.7.3		filezilla (Ubuntu)	Low	Fix Released

Bug #1224337: Sync filezilla 3.7.3-1 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	1224337	Sync filezilla 3.7.3-1 (universe) from Debian unstable (main)		filezilla (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2013080...
CONFIRM: http://www.chiark.gree...
DEBIAN: DSA-2736
SECUNIA: 54379
SUSE: openSUSE-SU-2013:1347
SECUNIA: 54533