MGASA-2026-0210
- Source
- https://advisories.mageia.org/MGASA-2026-0210.html
- Import Source
- https://advisories.mageia.org/MGASA-2026-0210.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2026-0210
- Upstream
- Published
- 2026-06-15T15:56:35Z
- Modified
- 2026-06-15T16:00:05.742000026Z
- Summary
- Updated putty packages fix security vulnerabilities
- Details
-
ECDSA signature verification can be made to fail an assertion. Server can provoke a double free in RSA KEX code. Telnet session data is marked with trust sigils after authenticating to a proxy. PuTTY Ed25519 Signature ecc-ssh.c eddsa_verify signature verification. (CVE-2026-4115)
- References
-
- https://advisories.mageia.org/MGASA-2026-0210.html
- https://bugs.mageia.org/show_bug.cgi?id=35585
- https://www.openwall.com/lists/oss-security/2026/05/24/11
- https://lists.tartarus.org/pipermail/putty-announce/2026/000042.html
- https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rsakex-double-free.html
- https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/telnet-trust-sigil.html
- https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/eddsa-overlarge-s.html
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / putty
Package
- Name
- putty
- Purl
- pkg:rpm/mageia/putty?arch=source&distro=mageia-9