ratkinsonuk
Expert
Full Name: Robert Atkinson

Putty SSH v0.80 CVE-2024-31497 Fix

Post by ratkinsonuk »

Just a quick one for a Friday afternoon....

As Veeam package PuTTY in with the B&R console, will there be a patch/version/fix issued for it please?

Cheers, Rob
Gostev
Chief Product Officer

Re: Putty SSH v0.80 CVE-2024-31497 Fix

Post by Gostev » 1 person likes this post

Hi, Rob. Sure, we always update 3rd party components in our periodic maintenance releases. Meanwhile, feel free to replace it manually (or even delete it) as it's not used by VBR in any way. It is only included for users' convenience. Thanks.
jon_654
Lurker
Full Name: Jon Schou

Re: Putty SSH v0.80 CVE-2024-31497 Fix

Post by jon_654 »

Hi Gostev

Although I appreciate the intention and convenience, I find it odd that you include PuTTY at all. I would propose that you do not include it, as it is up to us users ourselves to ensure such peripheral tools, reserving the choice of toolstack at the same time to be up to us instead. By providing it for our convenience, you at the same time provide a risk of security posture decrease, as we now have to ensure the binaries you provide are upgraded.

I hope it makes sense.

/Jon
Gostev
Chief Product Officer

Re: Putty SSH v0.80 CVE-2024-31497 Fix

Post by Gostev » 1 person likes this post

Hi, Jon.

Actually, this does not make sense to me as our software includes hundreds of binaries, not just this one. And generally you don't need to "ensure the binaries you provide are upgraded" as we take care of this with periodic product updates aka maintenance releases.

In any case, I don't see us removing PuTTY as many support cases that involve Linux server interaction require using it, especially when our support engineers provide assistance remotely, and having it readily available reduces time to resolution.

Thanks.