This Week in Security: Putty Keys, Libarchive, and Palo Alto

It may be time to rotate some keys. The venerable PuTTY was updated to 0.81 this week, and the major fix was a change to how ecdsa-sha2-nistp521 signatures are generated. The problem was reported on the oss-security mailing list, and it’s quite serious, though thankfully with a somewhat narrow coverage.


This is a companion discussion topic for the original entry at https://hackaday.com/2024/04/19/this-week-in-security-putty-keys-libarchive-and-palo-alto/