openSUSE: 2020:0778-1 Moderate Security Update for axel SSL Issue
opensuse
June 8, 2020
An update that fixes one vulnerability is now available.
Description
This update for axel fixes the following issues:
axel was updated to 2.17.8:
* CVE-2020-13614: SSL Certificate Hostnames were not verified (boo#1172159)
* Replaced progressbar line clearing with terminal control sequence
* Fixed parsing of Content-Disposition HTTP header
* Fixed User-Agent HTTP header never being included
Update to version 2.17.7:
- Buildsystem fixes
- Fixed release date for man-pages on BSD
- Explicitly close TCP sockets on SSL connections too
- Fixed HTTP basic auth header generation
- Changed the default progress report to "alternate output mode"
- Improved English in README.md
Update to version 2.17.6:
- Fixed handling of non-recoverable HTTP errors - Cleanup of connection setup code
- Fixed manpage reproducibility issue
- Use tracker instead of PTS from Debian
Update to version 2.17.5:
- Fixed progress indicator misalignment
- Cleaned up the wget-like progress output code
- Improved...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-778=1
Package List
- openSUSE Leap 15.1 (x86_64):
axel-2.17.8-lp151.3.3.1
axel-debuginfo-2.17.8-lp151.3.3.1
axel-debugsource-2.17.8-lp151.3.3.1
References
https://www.suse.com/security/cve/CVE-2020-13614.html
https://bugzilla.suse.com/1172159
--
PREVIOUS
NEXT
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!