Security fixes found by an EU-funded bug bounty programme:
- a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification
- potential recycling of random numbers used in cryptography
- on Windows, hijacking by a malicious help file in the same directory as the executable
- on Unix, remotely triggerable buffer overflow in any kind of server-to-client forwarding
- multiple denial-of-service attacks that can be triggered by writing to the terminal
Other security enhancements: major rewrite of the crypto code to remove cache and timing side channels.
That is pretty much a total write-off.