• PuTTY 0.80 is released

    From Simon Tatham@21:1/5 to All on Mon Dec 18 15:29:34 2023
    PuTTY version 0.80 is released
    ------------------------------

    All the pre-built binaries, and the source code, are now available
    from the PuTTY website at

    https://www.chiark.greenend.org.uk/~sgtatham/putty/

    This is a SECURITY UPDATE. We recommend that _everybody_ upgrade, as
    soon as possible.

    There is one security fix in this release:

    - Fix for a newly discovered security issue known as the 'Terrapin'
    attack, also numbered CVE-2023-48795. The issue affects widely-used
    OpenSSH extensions to the SSH protocol: the ChaCha20+Poly1305
    cipher system, and 'encrypt-then-MAC' mode.

    In order to benefit from the fix, you must be using a fixed version
    of PuTTY _and_ a server with the fix, so that they can agree to
    adopt a modified version of the protocol. Alternatively, you may be
    able to reconfigure PuTTY to avoid selecting any of the affected
    modes.

    If PuTTY 0.80 connects to an SSH server without the fix, it will
    warn you if the initial protocol negotiation chooses an insecure
    mode to run the connection in, so that you can abandon the
    connection. If it's possible to alter PuTTY's configuration to
    avoid the problem, then the warning message will tell you how to do
    it.

    As well as this security fix, there are two other ordinary bug fixes
    in 0.80:

    - On Windows, if you installed the MSI package, PuTTY could not find
    its help file. The help file was installed, but PuTTY wouldn't be
    able to open it, so the help buttons in its dialog boxes were
    missing.

    - Sometimes, if you were looking at the terminal scrollback, the view
    position would be reset to the bottom of the scrollback unwantedly,
    if the server sent terminal output that didn't actually cause
    anything to be printed.

    Enjoy using PuTTY!

    --
    for k in [pow(x,37,0x1a1298d262b49c895d47f) for x in [0x50deb914257022de7fff, 0x213558f2215127d5a2d1, 0x90c99e86d08b91218630, 0x109f3d0cfbf640c0beee7, 0xc83e01379a5fbec5fdd1, 0x19d3d70a8d567e388600e, 0x534e2f6e8a4a33155123]]:
    print("".join([chr(32+3*((k>>x)&1))for x in range(79)])) # <anakin@pobox.com>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)