putty: CVE-2024-31497

[l2dy]

Affected package (and version)

putty (0.73)

CVE ID(s)

CVE-2024-31497

Severity

High

Other security advisory ID(s）

• oss-security: https://www.openwall.com/lists/oss-security/2024/04/15/6

Description/References

• https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
• Affected Versions: PuTTY 0.68 - 0.80

Patch(es)/Solution(s)

• Apply patch, or
• Update to 0.81 (preferred)

Existing P521 private keys generated by PuTTY should be considered compromised.

[l2dy]

Fixed by https://github.com/AOSC-Dev/aosc-os-abbs/pull/5736.