PuTTY -- security fixes in new release

The PuTTY team reports:

New in 0.71:

• Security fixes found by an EU-funded bug bounty programme:
• + a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification
• + potential recycling of random numbers used in cryptography
• + on Unix, remotely triggerable buffer overflow in any kind of server-to-client forwarding
• + multiple denial-of-service attacks that can be triggered by writing to the terminal
• Other security enhancements: major rewrite of the crypto code to remove cache and timing side channels.
• User interface changes to protect against fake authentication prompts from a malicious server.

[source]