PuTTY 0.64 is released

PuTTY version 0.64 is released ------------------------------ MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit All the pre-built binaries, and the source code, are now available from the PuTTY website at http://www.chiark.greenend.org.uk/~sgtatham/putty/ This is a SECURITY UPDATE. We recommend that everybody who uses SSH private keys upgrade, as soon as possible. When PuTTY authenticated with a user's private key, the private key was accidentally kept in PuTTY's memory for the rest of its run, where it could be retrieved by other processes reading PuTTY's memory, or written out to swap files or crash dumps. This was believed to be fixed in 0.63, but embarrassingly it turns out there was another copy we hadn't spotted. We think it's more fixed now. Sorry! Additionally, PuTTY was missing a range check in Diffie-Hellman key exchange required by RFC 4253, which could arguably be considered a security issue as well. This is also now fixed. Details of both issues can be found on the PuTTY Wishlist web page, in the 'Fixed in release 0.63' section. Non-security bugs also fixed in this release: - Fixed handling of IPv6 literals in PuTTY's configuration and command lines. You should now be able to use an IPv6 literal in square brackets wherever a hostname or IPv4 address is allowed, and in a few cases (where there's no possibility of confusion with a trailing colon) without square brackets too. - Fixed the annoying repeated host key warnings in mid-session, if you selected 'accept once' at the first one. - The default setting for bold text display has been reverted to its pre-0.63 value, so that bold black should now be visible again. (However, any saved sessions or default settings created by 0.63 will still have the accidental 0.63 default.) The following new features have also been implemented: - SSH-2 connection sharing. This permits multiple instances of PuTTY and its supporting tools to open channels over the same SSH connection, so that you only have to log in once and can open multiple terminal sessions and/or file transfers. You can enable it by ticking one box in the SSH configuration panel, and then the first PuTTY to connect to a particular host will become the 'upstream' managing the SSH connection itself, and further PuTTYs (or PSCP, PSFTP or Plink) you ask to connect to the same host will instead connect to the upstream and share its SSH connection. - New command-line and config options to manually specify the host key(s) you expect. This should be useful to people running the tools in batch mode without a valid Registry, and also to people who have a host that can legitimately offer one of multiple host keys. Enjoy using PuTTY! Cheers, Simon -- import hashlib; print (lambda p,q,g,y,r,s,m: m if (lambda w:(pow(g,int(hashlib. sha1(m).hexdigest(),16)*w%q,p)*pow(y,r*w%q,p)%p)%q)(pow(s,q-2,q))==r else "!" )(0xb80b5dacabab6145, 0xf70027d345023, 0x7643bc4018957897, 0x11c2e5d9951130c9, 0xa54d9cbe4e8ab, 0x746c50eaa1910, "Simon Tatham <anakin at pobox.com>")