{"id":"MGASA-2016-0112","summary":"Updated putty packages fix CVE-2016-2563","details":"Updated putty package fixes security vulnerability:\n\nMany versions of PSCP in PuTTY prior to 0.67 have a stack corruption\nvulnerability in their treatment of the 'sink' direction (i.e. downloading\nfrom server to client) of the old-style SCP protocol. In order for this\nvulnerability to be exploited, the user must connect to a malicious server\nand attempt to download any file (CVE-2016-2563).\n\nThe putty package has been updated to version 0.67 to fix this issue and a\nfew other bugs.  The halibut package has been updated to version 1.1 to build\nthe documentation.\n","modified":"2026-04-16T06:24:52.656744452Z","published":"2016-03-16T18:07:23Z","upstream":["CVE-2016-2563"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0112.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=17942"},{"type":"WEB","url":"http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html"},{"type":"WEB","url":"http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"}],"affected":[{"package":{"name":"halibut","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/halibut?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1-2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0112.json"}},{"package":{"name":"putty","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/putty?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.67-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0112.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}