arrow_upward

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
PuTTY security update
#1
Hello all,

There is an update version of PuTTY 0.71 which was released a few days ago.

This update version includes many important security fixes. https://www.lowendtalk.com/discussion/15...-update-it

So if you have not updated PuTTY to the latest version, it should be the right time to update it now. Smile


#2
While doing that if you use things like WinSCP or Filezilla you might as well update them, too. They share common broken code that contains the serious security holes that PuTTY just fixed with the newest update.
[Image: zHHqO5Q.png]
#3
Is there a way one can update PuTTy without reinstalling it? Updating FileZilla is always a breeze. Get the feeling one needs to reinstall Putty from scratch? Would it be better to delete the current version first before reinstalling the updated release?
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
#4
(03-19-2019, 08:01 AM)deanhills Wrote: Is there a way one can update PuTTy without reinstalling it? Updating FileZilla is always a breeze. Get the feeling one needs to reinstall Putty from scratch? Would it be better to delete the current version first before reinstalling the updated release?


No need to install it at all. PuTTY has portable versions for both 32-bit or 64-bit.

Go to: https://www.chiark.greenend.org.uk/~sgta...atest.html

Then download the Alternative binary files for your platform.


#5
@deanhills @tryp4vps

If you use the .exe/.msi installer that is being provided at the official homepage of PuTTY and that installs all PuTTY tools, you can simply run the installer of the new version and let it override all old tools of PuTTY. Your saved profiles and etc. are untouched by this as they're stored somewhere else.
[Image: zHHqO5Q.png]
#6
Here u are the new features
Security fixes found by an EU-funded bug bounty programme:

a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification
potential recycling of random numbers used in cryptography
on Windows, hijacking by a malicious help file in the same directory as the executable
on Unix, remotely triggerable buffer overflow in any kind of server-to-client forwarding
multiple denial-of-service attacks that can be triggered by writing to the terminal
Other security enhancements: major rewrite of the crypto code to remove cache and timing side channels.
#Copied from LET (https://www.lowendtalk.com/discussion/15...-update-it)
#7
(03-19-2019, 09:14 AM)Hidden Refuge Wrote: @deanhills @tryp4vps

If you use the .exe/.msi installer that is being provided at the official homepage of PuTTY and that installs all PuTTY tools, you can simply run the installer of the new version and let it override all old tools of PuTTY. Your saved profiles and etc. are untouched by this as they're stored somewhere else.

Just tried it, and the programme started freezing during installation.  It did install, but then when I tried putty, it wouldn't respond.  Initially it opened, but it wouldn't load the VPSs.  Then after that it timed out.  I'm sure I probably did something wrong.
____________________________________________________________

Wait a minute .... it's working now.  Perfectly.  No longer freezing.  Maybe it had to make some adjustments and when I ran it a second time it was better than ever.  Guess it's updated now, although it doesn't say so.

____________________________________________________________

Just checked in my Windows list of programs.  Only one program there and the up to date one.  So it did override the old one.  
[Image: hqEhso2.png]

In retrospect it was very easy to fix.  Here are the two Windows Installer dot.msi links for either 64 or 32 bit computers:

https://www.chiark.greenend.org.uk/~sgta...atest.html

Also updated FileZilla:

[Image: eajmyyW.png]
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
#8
Putty is a great tool, it is supported on mobile devices also, always I had issue on using keys to login by putty. It seems logging into the server is more secure by keys.
But having the key files reusable through other systems may be dangerous. I hopethis update is about some security regarding that.


Thank you  Sweet



#9
(03-20-2019, 04:17 PM)Littlemaster Wrote: Putty is a great tool,  it is supported on mobile devices also, always I had issue on using keys to login by putty. It seems logging into the server is more secure by keys.
But having the key files reusable through other systems may be dangerous.  I hopethis update is about some security regarding that.

You're right @Littlemaster. The keys don't work perfect with PuTTy. Like the first time I used it end of last year, it lasted for a month, and then completely screwed me as I'd disabled login in addition to the setting up keys.

With VPS 15 I only created keys without disabling the login. This time round fortunately when the keys stopped working after I'd updated PuTTy, it allowed me to login normally. And with the changed port number. Sigh of relief! Smile
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
#10
i need a help here i installed putty in my pc last 2 months and i want to uninstall putty from my pc but when i click uninstall it says uninstall success but in my pc the putty software is still visible idk how to uninstall it perfectly now when i click on uninstall again it says uninstall form admin access can anyone help me how to ?
thank you post4vps and  racknerd for wonderful vps3  Heart
 


person_pin_circle Users browsing this thread: 2 Guest(s)
Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis - Limitless Hosting