Security Alert: Update PuTTY, WinSCP, FileZilla, TortoiseGit, and TortoiseSVN ASAP Users of PuTTY, WinSCP, FileZilla, TortoiseGit, and TortoiseSVN need to update those applications as soon as possible.

April 19, 2024 12:34 pm

Is this email displaying correctly? View it in a browser.

Security Alert: Update PuTTY, WinSCP, FileZilla, TortoiseGit, and TortoiseSVN ASAP

Users of PuTTY, WinSCP, FileZilla, TortoiseGit, and TortoiseSVN need to update those applications as soon as possible.

PuTTY 0.81 or newer
WinSCP 6.3.3 or newer
FileZilla 3.67.0 or newer
TortoiseGit 2.15.0.1 or newer
TortoiseSVN 1.14.7 or newer

The latest versions of the above applications address a critical vulnerability that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys.

Additionally, any ECDSA NIST-P521 keys used with the above applications should be revoked by removing them from ~/.ssh/authorized_keys files and their equivalents in other SSH servers.

Additional information

https://thehackernews.com/2024/04/widely-used-putty-ssh-client-found.html
https://nvd.nist.gov/vuln/detail/CVE-2024-31497

If you have any questions, or issues, please contact ERIS by emailing hpcsupport@partners.org.

Security Alert: Update PuTTY, WinSCP, FileZilla, TortoiseGit, and TortoiseSVN ASAP Users of PuTTY, WinSCP, FileZilla, TortoiseGit, and TortoiseSVN need to update those applications as soon as possible.

Get Help

Security Alert: Update PuTTY, WinSCP, FileZilla, TortoiseGit, and TortoiseSVN ASAP

Users of PuTTY, WinSCP, FileZilla, TortoiseGit, and TortoiseSVN need to update those applications as soon as possible.

Additional information