Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Debian 10: 2020-4c3a0b0a3b Urgent: Curl Header Manipulation

fedora
Calendar Grey May 13, 2018
Dist Fedora Esm H88
Enhance wget on Fedora 27 to mitigate cookie injection vulnerabilities. Safeguard your system by applying this crucial security patch.
- New upstream version fixing CVE

Summary

GNU Wget is a file retrieval utility which can use either the HTTP or

FTP protocols. Wget features include the ability to work in the

background while you are logged out, recursive retrieval of

directories, file name wildcard matching, remote file timestamp

storage and comparison, use of Rest with FTP servers and Range with

HTTP servers to retrieve files over slow or unstable connections,

support for Proxy servers, and configurability.

- New upstream version fixing CVE

* Wed May 9 2018 Tomas Hozza - 1.19.5-1

- Update to 1.19.5 fixing CVE-2018-0494

* Thu Apr 26 2018 Tomas Hozza - 1.19.4-3

- Added gcc as an explicit BuildRequires

* Fri Feb 9 2018 Fedora Release Engineering - 1.19.4-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Mon Jan 22 2018 Tomas Hozza - 1.19.4-1

- Update to the latest upstream version

- Fix issue with decompressing with broken web servers (#1532233)

* Fri Dec 8 2017 Tomas Hozza - 1.19.2-2

- Fix segfault when calling strchr in http.c (#1511562)

* Fri Oct 27 2017 Tomas Hozza - 1.19.2-1

- Update to latest upstream version due to CVE-2017-13089 CVE-2017-13090

* Mon Oct 9 2017 Troy Dawson - 1.19.1-6

- Fix FTBFS (#1499876)

* Thu Aug 3 2017 Fedora Release Engineering - 1.19.1-5

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Thu Jul 27 2017 Fedora Release Engineering - 1.19.1-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[ 1 ] Bug #1575635 - CVE-2018-0494 wget: Cookie injection allows malicious website to write arbitrary cookie entries into cookie jar [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1575635

[ 2 ] Bug #1575443 - wget-1.19.5 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1575443

su -c 'dnf upgrade --advisory FEDORA-2018-29ebba0906' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory fedora critical threat wget cookie injection

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 27
Version: 1.19.5
Release: 1.fc27
URL: http://www.gnu.org/software/wget/
Summary: A utility for retrieving files using the HTTP or FTP protocols

Topics%20covered

Topics Covered

security advisory fedora critical threat wget cookie injection

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here