Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Fedora 26: 2018-f29459149a Moderate: Wget Cookie Injection Issue

fedora
Calendar Grey May 13, 2018
Dist Fedora Esm H88
A new version of wget has been launched, fixing the cookie vulnerability. Fedora 26 users can upgrade through dnf to boost security.
- New upstream version fixing CVE

Summary

GNU Wget is a file retrieval utility which can use either the HTTP or

FTP protocols. Wget features include the ability to work in the

background while you are logged out, recursive retrieval of

directories, file name wildcard matching, remote file timestamp

storage and comparison, use of Rest with FTP servers and Range with

HTTP servers to retrieve files over slow or unstable connections,

support for Proxy servers, and configurability.

- New upstream version fixing CVE

* Wed May 9 2018 Tomas Hozza - 1.19.5-1

- Update to 1.19.5 fixing CVE-2018-0494

* Thu Apr 26 2018 Tomas Hozza - 1.19.4-3

- Added gcc as an explicit BuildRequires

* Fri Feb 9 2018 Fedora Release Engineering - 1.19.4-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Mon Jan 22 2018 Tomas Hozza - 1.19.4-1

- Update to the latest upstream version

- Fix issue with decompressing with broken web servers (#1532233)

* Fri Dec 8 2017 Tomas Hozza - 1.19.2-2

- Fix segfault when calling strchr in http.c (#1511562)

* Fri Oct 27 2017 Tomas Hozza - 1.19.2-1

- Update to latest upstream version due to CVE-2017-13089 CVE-2017-13090

* Mon Oct 9 2017 Troy Dawson - 1.19.1-6

- Fix FTBFS (#1499876)

* Thu Aug 3 2017 Fedora Release Engineering - 1.19.1-5

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Thu Jul 27 2017 Fedora Release Engineering - 1.19.1-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[ 1 ] Bug #1575635 - CVE-2018-0494 wget: Cookie injection allows malicious website to write arbitrary cookie entries into cookie jar [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1575635

[ 2 ] Bug #1575443 - wget-1.19.5 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1575443

su -c 'dnf upgrade --advisory FEDORA-2018-f29459149a' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory Fedora moderate severity advisory software fix cookie injection wget update

Change Log

References

Update Instructions

Product: Fedora 26
Version: 1.19.5
Release: 1.fc26
URL: http://www.gnu.org/software/wget/
Summary: A utility for retrieving files using the HTTP or FTP protocols

Topics%20covered

Topics Covered

security advisory Fedora moderate severity advisory software fix cookie injection wget update

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here