PuTTY v0.76 正式版发布附下载 – 免费的SSH/Telnet程序-联合优网

知名SSH/Telnet 程序PuTTY 0.76 发布，带来了安全修正、证书和协议升级。PuTTY 是一款集成虚拟终端、系统控制台和网络文件传输为一体的自由开源程序。它支持多种网络协议，包括 SCP，SSH，Telnet，rlogin 和原始的套接字连接，它也可以连接到串行端口。其软件名字“PuTTY”并没有特殊含义。

PuTTY v0.76 正式版发布附下载 - 免费的SSH/Telnet程序

PuTTY 是一套免费的 SSH / Telnet 程序,它可以连接上支持 SSH Telnet 协议的站点,并且可自动取得对方的系统指纹码 (Fingerprint).建立联机以后,所有的通讯内容都是以加密的方式传输,因此你再也不用害怕使用 Telnet 在 Internet 或公司的内部网络传输资料时被他人获知内容了.

新版本是一个安全更新版本，修复了过时的 SSH-1 中漏洞协议，也包括 0.71 以来的各种 bug 修复。其中许多安全问题是在最近欧盟资助的 HackerOne（全球知名漏洞悬赏平台）上发现的，根据发布公告，该赏金计划已于 7 月结束，共持续了约半年时间。之后想反馈 bug 的话可通过电子邮件与 PuTTY 团队联系，具体可查看反馈页面。

PuTTY v0.76 正式版发布附下载 - 免费的SSH/Telnet程序

主要漏洞修复如下：

安全修复：如果 SSH 服务器接受了提供的公共密钥，然后拒绝了签名，那么如果密钥来自 SSH 代理，则 PuTTY 可以访问释放的内存。
安全功能：如果想避免向窃听者泄露存储密钥的主机，则新的配置选项可禁用 PuTTY 的动态主机密钥首选项策略。
Bug 修复：在 Windows 高对比度模式下，安装程序 UI 难以辨认。
Bug 修复：Windows 7 上的控制台密码输入失败。
终端中的 Bug 修复：一个可怕的“line==NULL”错误框的实例，以及另外两个断言失败。
Bug 修复：来自代理的 RSA 签名的错误兼容填充中潜在的内存消耗循环。
Bug 修复：PSFTP 的缓冲区处理在某些服务器（尤其是 proftpd 的服务器mod_sftp）上无法正常工作。
Bug 修复：从备用终端屏幕还原时，光标的位置可能错误。（此类型的错误已在 0.59 中修复；这种情况未解决。）
Bug 修复：在 Ubuntu 20.04（或具有类似 Pango 的最新版本的任何其他系统）上运行 GTK PuTTY 时，字符单元格高度可能太小像素。
Bug 修复：旧式（低分辨率）scroll wheel events 在 GTK 3 PuTTY 中不起作用。这可能会使 scroll wheel 完全停止在 VNC 中工作。

These features are new in 0.76 (released 2021-07-17):

New option to abandon an SSH connection if the server allows you to authenticate in a trivial manner.
Bug fix: Windows PuTTY crashed when the ‘Use system colours’ option was used.
Bug fix: crash on Windows when using MIT Kerberos together with ‘Restart Session’.
Bug fix: Windows PuTTY leaked named pipes after contacting Pageant.
Bug fix: Windows PuTTY didn’t update the window while you held down the scrollbar arrow buttons long enough to ‘key-repeat’.
Bug fix: user colour-palette reconfiguration via ‘Change Settings’ were delayed-action.
Bug fix: server colour-palette reconfigurations were sometimes lost.
Bug fix: a tight loop could occur on reading a truncated private key file.
Bug fix: the Windows Pageant GUI key list didn’t display key lengths.

These features were new in 0.75 (released 2021-05-08):

Security fix: on Windows, a server could DoS the whole Windows GUI by telling the PuTTY window to change its title repeatedly at high speed.
Pageant now supports loading a key still encrypted, and decrypting it later by prompting for the passphrase on first use.
Upgraded default SSH key fingerprint format to OpenSSH-style SHA-256.
Upgraded private key file format to PPK3, with improved passphrase hashing and no use of SHA-1.
Terminal now supports ESC [ 9 m for strikethrough text.
New protocols: bare ssh-connection layer for use over already-secure IPC channels, and SUPDUP for talking to very old systems such as PDP-10s.
PuTTYgen now supports alternative provable-prime generation algorithm for RSA and DSA.
The Unix tools can now connect directly to a Unix-domain socket.

These features were new in 0.74 (released 2020-06-27):

Security fix: if an SSH server accepted an offer of a public key and then rejected the signature, PuTTY could access freed memory, if the key had come from an SSH agent.
Security feature: new config option to disable PuTTY’s dynamic host key preference policy, if you prefer to avoid giving away to eavesdroppers which hosts you have stored keys for.
Bug fix: the installer UI was illegible in Windows high-contrast mode.
Bug fix: console password input failed on Windows 7.
Bug fixes in the terminal: one instance of the dreaded “line==NULL” error box, and two other assertion failures.
Bug fix: potential memory-consuming loop in bug-compatible padding of an RSA signature from an agent.
Bug fix: PSFTP’s buffer handling worked badly with some servers (particularly proftpd’s mod_sftp).
Bug fix: cursor could be wrongly positioned when restoring from the alternate terminal screen. (A bug of this type was fixed in 0.59; this is a case that that fix missed.)
Bug fix: character cell height could be a pixel too small when running GTK PuTTY on Ubuntu 20.04 (or any other system with a similarly up-to-date version of Pango).
Bug fix: old-style (low resolution) scroll wheel events did not work in GTK 3 PuTTY. This could stop the scroll wheel working at all in VNC.