openSUSE Security Update: Security update for axel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:0785-1
Rating:             moderate
References:         #1172159 
Cross-References:   CVE-2020-13614
Affected Products:
                    openSUSE Backports SLE-15-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for axel fixes the following issues:

   axel was updated to 2.17.8:

   * CVE-2020-13614: SSL Certificate Hostnames were not verified (boo#1172159)

   * Replaced progressbar line clearing with terminal control sequence
   * Fixed parsing of Content-Disposition HTTP header
   * Fixed User-Agent HTTP header never being included

   Update to version 2.17.7:

   - Buildsystem fixes
   - Fixed release date for man-pages on BSD
   - Explicitly close TCP sockets on SSL connections too
   - Fixed HTTP basic auth header generation
   - Changed the default progress report to "alternate output mode"
   - Improved English in README.md

   Update to version 2.17.6:

   - Fixed handling of non-recoverable HTTP errors
   - Cleanup of connection setup code
   - Fixed manpage reproducibility issue
   - Use tracker instead of PTS from Debian

   Update to version 2.17.5:

   - Fixed progress indicator misalignment
   - Cleaned up the wget-like progress output code
   - Improved progress output flushing

   Update to version 2.17.4:

   - Fixed build with bionic libc (Android)
   - TCP Fast Open support on Linux
   - TCP code cleanup
   - Removed dependency on libm
   - Data types and format strings cleanup
   - String handling cleanup
   - Format string checking GCC attributes added
   - Buildsystem fixes and improvements
   - Updates to the documentation
   - Updated all translations
   - Fixed Footnotes in documentation
   - Fixed a typo in README.md

   Update to version 2.17.3:

   - Builds now use canonical host triplet instead of `uname -s`
   - Fixed build on Darwin / Mac OS X
   - Fixed download loops caused by last byte pointer being off by one
   - Fixed linking issues (i18n and posix threads)
   - Updated build instructions
   - Code cleanup
   - Added autoconf-archive to building instructions

   Update to version 2.17.2:

   - Fixed HTTP request-ranges to be zero-based
   - Fixed typo "too may" -> "too many"
   - Replaced malloc + memset calls with calloc
   - Sanitize progress bar buffer len passed to memset

   Update to version 2.17.1:

   - Fixed comparison error in axel_divide
   - Make sure maxconns is at least 1

   Update to version 2.17:

   - Fixed composition of URLs in redirections
   - Fixed request range calculation
   - Updated all translations
   - Updated build documentation
   - Major code cleanup
    -  Cleanup of alternate progress output
    -  Removed global string buffers
    -  Fixed min and max macros
    -  Moved User-Agent header to conf->add_header
    -  Use integers for speed ratio and delay calculation
   - Added support for parsing IPv6 literal hostname
   - Fixed filename extraction from URL
   - Fixed request-target message to proxy
   - Handle secure protocol's schema even with SSL disabled
   - Fixed Content-Disposition filename value decoding
   - Strip leading hyphens in extracted filenames

   This update was imported from the openSUSE:Leap:15.1:Update update project.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP1:

      zypper in -t patch openSUSE-2020-785=1



Package List:

   - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

      axel-2.17.8-bp151.4.3.1
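
   A post-patch check for this update, added here as an example and not part
   of the original advisory: it compares an installed axel version-release
   against the fixed package listed above. The function names are hypothetical,
   and the sample versions other than the fixed one are constructed.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's Package List.
FIXED_EVR="2.17.8-bp151.4.3.1"

# ver_cmp A B: print -1, 0 or 1 for A <, =, > B.
# Assumption: GNU `sort -V` stands in for RPM's own comparison; the two
# agree for plain dotted strings like these. Epochs are not handled.
ver_cmp() {
    if [ "$1" = "$2" ]; then echo 0; return 0; fi
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    if [ "$lowest" = "$1" ]; then echo -1; else echo 1; fi
}

# axel_status [VERSION-RELEASE]: print patched, vulnerable or not-installed.
# With no argument the local RPM database is queried.
axel_status() {
    evr=${1:-}
    if [ -z "$evr" ]; then
        evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' axel 2>/dev/null) || {
            echo "not-installed"; return 0; }
    fi
    # Compare the upstream version first, then the distribution release.
    v=$(ver_cmp "${evr%%-*}" "${FIXED_EVR%%-*}")
    if [ "$v" -eq 0 ]; then
        v=$(ver_cmp "${evr#*-}" "${FIXED_EVR#*-}")
    fi
    if [ "$v" -ge 0 ]; then echo "patched"; else echo "vulnerable"; fi
}

# Run with --host to check the machine the script is executed on.
if [ "${1:-}" = "--host" ]; then axel_status; fi
```

   The release string is specific to openSUSE Backports SLE-15-SP1; on other
   products the fixed release differs and FIXED_EVR must be changed to match.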


References:

   https://www.suse.com/security/cve/CVE-2020-13614.html
   https://bugzilla.suse.com/1172159

-- 

openSUSE: 2020:0785-1: moderate: axel

June 8, 2020