Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

Debian 8: DLA-2086-1 Urgent: Fix for Wget Race Condition Issue

Package : wget
Version : 1.16-1+deb8u7
CVE ID : CVE-2016-7098

An issue has been found in wget, a tool to retrieve files from the web. A race condition might occur as files rejected by an access list are kept on the disk for the duration of a HTTP connection.

For Debian 8 "Jessie", this problem has been fixed in version 1.16-1+deb8u7.

We recommend that you upgrade your wget packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Severity: Critical. LinuxSecurity.com Team

Jan 29, 2020 Critical Debian LTS

Fedora 22: Wget Update Notification for FTP Exposure Issue

Fedora Update Notification
FEDORA-2015-fff2073f50
2015-12-14 07:42:13.646337

Name : wget
Product : Fedora 22
Version : 1.16.3
Release : 2.fc22
URL :
Summary : A utility for retrieving files using the HTTP or FTP protocols
Description : GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability.

Update Information:

- fixed one bug

References:

[ 1 ] Bug #1260925 - wget: IP address exposure via FTP PORT command [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1260925

This update can be installed with the "yum" update program. Use su -c 'yum update wget' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

package-announce mailing list
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

Severity: Important. LinuxSecurity.com Team

Dec 14, 2015 Important Fedora

Fedora 23: Security Update for Wget Tool – Critical IP Exposure Fix

Fedora Update Notification
FEDORA-2015-10f92d4d06
2015-11-30 18:50:49.211698

Name : wget
Product : Fedora 23
Version : 1.17
Release : 1.fc23
URL :
Summary : A utility for retrieving files using the HTTP or FTP protocols
Description : GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability.

Update Information:

- new version

References:

[ 1 ] Bug #1260925 - wget: IP address exposure via FTP PORT command [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1260925
[ 2 ] Bug #1281829 - Harden all packages: wget should be a position-independent executable
https://bugzilla.redhat.com/show_bug.cgi?id=1281829
[ 3 ] Bug #1286008 - wget-1.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1286008

This update can be installed with the "yum" update program. Use su -c 'yum update wget' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

package-announce mailing list
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

Severity: Critical. LinuxSecurity.com Team

Nov 30, 2015 Critical Fedora

Red Hat OpenStack 5.0 RHSA-2015-0841-01 Critical: File Access Risk

Red Hat Security Advisory

Synopsis: Important: redhat-access-plugin security update
Advisory ID: RHSA-2015:0841-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2015:0841.html
Issue date: 2015-04-16
CVE Names: CVE-2015-0271

1. Summary:

An updated redhat-access-plugin-openstack package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

The Red Hat Support plug-in for Red Hat OpenStack is a Technology Preview feature which offers seamless integrated access to Red Hat subscription services from the Red Hat OpenStack administration portal. The plug-in provides automated functionality that enables quicker help, answers, and proactive services. It offers easy and instant access to Red Hat exclusive knowledge, resources, engagement, and diagnostic features.

It was found that the local log-viewing function of the redhat-access-plugin for OpenStack Dashboard (horizon) did not sanitize user input. An authenticated user could use this flaw to read an arbitrary file with the permissions of the web server. (CVE-2015-0271)

Red Hat would like to thank Sara Perez Merino of SensePost for reporting this issue.

All redhat-access-plugin-openstack users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1193638 - CVE-2015-0271 OpenStack dashboard: log file arbitrary file retrieval

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source: redhat-access-plugin-openstack-5.0.1-0.el6ost.src.rpm
noarch: redhat-access-plugin-openstack-5.0.1-0.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0271
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

Severity: Important. LinuxSecurity.com Team

Apr 16, 2015 Important Red Hat

Red Hat 6.5: RHSA-2014:1955-01 Moderate: Wget FTP Access Vulnerability

Red Hat Security Advisory

Synopsis: Moderate: wget security update
Advisory ID: RHSA-2014:1955-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2014:1955.html
Issue date: 2014-12-03
CVE Names: CVE-2014-4877

1. Summary:

An updated wget package that fixes one security issue is now available for Red Hat Enterprise Linux 6.5 Extended Update Support.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, ppc64, s390x, x86_64

3. Description:

The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.

A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in the mirror mode (using the '-m' command line option) to write an arbitrary file to a location writable by the user running Wget, possibly leading to code execution. (CVE-2014-4877)

Note: This update changes the default value of the --retr-symlinks option. The file symbolic links are now traversed by default and pointed-to files are retrieved rather than creating a symbolic link locally.

Red Hat would like to thank the GNU Wget project for reporting this issue. Upstream acknowledges HD Moore of Rapid7, Inc as the original reporter.

All users of wget are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1139181 - CVE-2014-4877 wget: FTP symlink arbitrary filesystem access

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.5):

Source: wget-1.12-1.12.el6_5.src.rpm
x86_64: wget-1.12-1.12.el6_5.x86_64.rpm wget-debuginfo-1.12-1.12.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.5):

Source: wget-1.12-1.12.el6_5.src.rpm
i386: wget-1.12-1.12.el6_5.i686.rpm wget-debuginfo-1.12-1.12.el6_5.i686.rpm
ppc64: wget-1.12-1.12.el6_5.ppc64.rpm wget-debuginfo-1.12-1.12.el6_5.ppc64.rpm
s390x: wget-1.12-1.12.el6_5.s390x.rpm wget-debuginfo-1.12-1.12.el6_5.s390x.rpm
x86_64: wget-1.12-1.12.el6_5.x86_64.rpm wget-debuginfo-1.12-1.12.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2014-4877
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2014 Red Hat, Inc.

LinuxSecurity.com Team

Dec 03, 2014 Red Hat

Red Hat 6: RHSA-2014:0151-01 Low: wget File Issue and Update

Red Hat Security Advisory

Synopsis: Low: wget security and bug fix update
Advisory ID: RHSA-2014:0151-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2014:0151.html
Issue date: 2014-02-10
CVE Names: CVE-2010-2252

1. Summary:

An updated wget package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Wget provides various useful features, such as the ability to work in the background while the user is logged out, recursive retrieval of directories, file name wildcard matching or updating files in dependency on file timestamp comparison.

It was discovered that wget used a file name provided by the server when saving a downloaded file. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. (CVE-2010-2252)

Note: With this update, wget always uses the last component of the original URL as the name for the downloaded file. Previous behavior of using the server provided name or the last component of the redirected URL when creating files can be re-enabled by using the '--trust-server-names' command line option, or by setting 'trust_server_names=on' in the wget start-up file.

This update also fixes the following bugs:

* Prior to this update, the wget package did not recognize HTTPS SSL certificates with alternative names (subjectAltName) specified in the certificate as valid. As a consequence, running the wget command failed with a certificate error. This update fixes wget to recognize such certificates as valid. (BZ#1060113)

All users of wget are advised to upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

602797 - CVE-2010-2252 wget: multiple HTTP client download filename vulnerability [OCERT 2010-001]
833831 - When redirected, wget should use the original page name for saving

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
i386: wget-1.12-1.11.el6_5.i686.rpm wget-debuginfo-1.12-1.11.el6_5.i686.rpm
x86_64: wget-1.12-1.11.el6_5.x86_64.rpm wget-debuginfo-1.12-1.11.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
x86_64: wget-1.12-1.11.el6_5.x86_64.rpm wget-debuginfo-1.12-1.11.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
i386: wget-1.12-1.11.el6_5.i686.rpm wget-debuginfo-1.12-1.11.el6_5.i686.rpm
ppc64: wget-1.12-1.11.el6_5.ppc64.rpm wget-debuginfo-1.12-1.11.el6_5.ppc64.rpm
s390x: wget-1.12-1.11.el6_5.s390x.rpm wget-debuginfo-1.12-1.11.el6_5.s390x.rpm
x86_64: wget-1.12-1.11.el6_5.x86_64.rpm wget-debuginfo-1.12-1.11.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
i386: wget-1.12-1.11.el6_5.i686.rpm wget-debuginfo-1.12-1.11.el6_5.i686.rpm
x86_64: wget-1.12-1.11.el6_5.x86_64.rpm wget-debuginfo-1.12-1.11.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2010-2252
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

Severity: Low. LinuxSecurity.com Team

Feb 10, 2014 Low Red Hat

Red Hat: RHSA-2009:1549-01 Moderate: wget SSL Certificate Attack

Red Hat Security Advisory

Synopsis: Moderate: wget security update
Advisory ID: RHSA-2009:1549-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2009:1549.html
Issue date: 2009-11-03
CVE Names: CVE-2009-3490

1. Summary:

An updated wget package that fixes a security issue is now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

GNU Wget is a file retrieval utility that can use HTTP, HTTPS, and FTP.

Daniel Stenberg reported that Wget is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Wget into accepting it by mistake. (CVE-2009-3490)

Wget users should upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

520454 - CVE-2009-3490 wget: incorrect verification of SSL certificate with NUL in name

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
i386: wget-1.10.2-0.30E.1.i386.rpm wget-debuginfo-1.10.2-0.30E.1.i386.rpm
ia64: wget-1.10.2-0.30E.1.ia64.rpm wget-debuginfo-1.10.2-0.30E.1.ia64.rpm
ppc: wget-1.10.2-0.30E.1.ppc.rpm wget-debuginfo-1.10.2-0.30E.1.ppc.rpm
s390: wget-1.10.2-0.30E.1.s390.rpm wget-debuginfo-1.10.2-0.30E.1.s390.rpm
s390x: wget-1.10.2-0.30E.1.s390x.rpm wget-debuginfo-1.10.2-0.30E.1.s390x.rpm
x86_64: wget-1.10.2-0.30E.1.x86_64.rpm wget-debuginfo-1.10.2-0.30E.1.x86_64.rpm

Red Hat Desktop version 3:

Source:
i386: wget-1.10.2-0.30E.1.i386.rpm wget-debuginfo-1.10.2-0.30E.1.i386.rpm
x86_64: wget-1.10.2-0.30E.1.x86_64.rpm wget-debuginfo-1.10.2-0.30E.1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
i386: wget-1.10.2-0.30E.1.i386.rpm wget-debuginfo-1.10.2-0.30E.1.i386.rpm
ia64: wget-1.10.2-0.30E.1.ia64.rpm wget-debuginfo-1.10.2-0.30E.1.ia64.rpm
x86_64: wget-1.10.2-0.30E.1.x86_64.rpm wget-debuginfo-1.10.2-0.30E.1.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
i386: wget-1.10.2-0.30E.1.i386.rpm wget-debuginfo-1.10.2-0.30E.1.i386.rpm
ia64: wget-1.10.2-0.30E.1.ia64.rpm wget-debuginfo-1.10.2-0.30E.1.ia64.rpm
x86_64: wget-1.10.2-0.30E.1.x86_64.rpm wget-debuginfo-1.10.2-0.30E.1.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
i386: wget-1.10.2-1.el4_8.1.i386.rpm wget-debuginfo-1.10.2-1.el4_8.1.i386.rpm
ia64: wget-1.10.2-1.el4_8.1.ia64.rpm wget-debuginfo-1.10.2-1.el4_8.1.ia64.rpm
ppc: wget-1.10.2-1.el4_8.1.ppc.rpm wget-debuginfo-1.10.2-1.el4_8.1.ppc.rpm
s390: wget-1.10.2-1.el4_8.1.s390.rpm wget-debuginfo-1.10.2-1.el4_8.1.s390.rpm
s390x: wget-1.10.2-1.el4_8.1.s390x.rpm wget-debuginfo-1.10.2-1.el4_8.1.s390x.rpm
x86_64: wget-1.10.2-1.el4_8.1.x86_64.rpm wget-debuginfo-1.10.2-1.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
i386: wget-1.10.2-1.el4_8.1.i386.rpm wget-debuginfo-1.10.2-1.el4_8.1.i386.rpm
x86_64: wget-1.10.2-1.el4_8.1.x86_64.rpm wget-debuginfo-1.10.2-1.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
i386: wget-1.10.2-1.el4_8.1.i386.rpm wget-debuginfo-1.10.2-1.el4_8.1.i386.rpm
ia64: wget-1.10.2-1.el4_8.1.ia64.rpm wget-debuginfo-1.10.2-1.el4_8.1.ia64.rpm
x86_64: wget-1.10.2-1.el4_8.1.x86_64.rpm wget-debuginfo-1.10.2-1.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
i386: wget-1.10.2-1.el4_8.1.i386.rpm wget-debuginfo-1.10.2-1.el4_8.1.i386.rpm
ia64: wget-1.10.2-1.el4_8.1.ia64.rpm wget-debuginfo-1.10.2-1.el4_8.1.ia64.rpm
x86_64: wget-1.10.2-1.el4_8.1.x86_64.rpm wget-debuginfo-1.10.2-1.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
i386: wget-1.11.4-2.el5_4.1.i386.rpm wget-debuginfo-1.11.4-2.el5_4.1.i386.rpm
x86_64: wget-1.11.4-2.el5_4.1.x86_64.rpm wget-debuginfo-1.11.4-2.el5_4.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
i386: wget-1.11.4-2.el5_4.1.i386.rpm wget-debuginfo-1.11.4-2.el5_4.1.i386.rpm
ia64: wget-1.11.4-2.el5_4.1.ia64.rpm wget-debuginfo-1.11.4-2.el5_4.1.ia64.rpm
ppc: wget-1.11.4-2.el5_4.1.ppc.rpm wget-debuginfo-1.11.4-2.el5_4.1.ppc.rpm
s390x: wget-1.11.4-2.el5_4.1.s390x.rpm wget-debuginfo-1.11.4-2.el5_4.1.s390x.rpm
x86_64: wget-1.11.4-2.el5_4.1.x86_64.rpm wget-debuginfo-1.11.4-2.el5_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2009-3490
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.

LinuxSecurity.com Team

Nov 03, 2009 Red Hat

RedHat: RHSA-2005:771-01 Low: wget File Issues and Threats

Red Hat Security Advisory

Synopsis: Low: wget security update
Advisory ID: RHSA-2005:771-01
Advisory URL: https://access.redhat.com/errata/RHSA-2005:771.html
Issue date: 2005-09-27
Updated on: 2005-09-27
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1487 CAN-2004-1488 CAN-2004-2014

1. Summary:

Updated wget package that fixes several security issues is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

GNU Wget is a file retrieval utility that can use either the HTTP or FTP protocols.

A bug was found in the way wget writes files to the local disk. If a malicious local user has write access to the directory wget is saving a file into, it is possible to overwrite files that the user running wget has write access to. (CAN-2004-2014)

A bug was found in the way wget filters redirection URLs. It is possible for a malicious Web server to overwrite files the user running wget has write access to. Note: in order for this attack to succeed the local DNS would need to resolve ".." to an IP address, which is an unlikely situation. (CAN-2004-1487)

A bug was found in the way wget displays HTTP response codes. It is possible that a malicious web server could inject a specially crafted terminal escape sequence capable of misleading the user running wget. (CAN-2004-1488)

Users should upgrade to this updated package, which contains a version of wget that is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

144214 - CAN-2004-1487 Several wget vulnerabilities (CAN-2004-1488)
157498 - CAN-2004-2014 wget symlink race
165782 - wget man page incomplete

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CAN-2004-1487
https://www.cve.org/CVERecord?id=CAN-2004-1488
https://www.cve.org/CVERecord?id=CAN-2004-2014

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2005 Red Hat, Inc.

Severity: Low. LinuxSecurity.com Team

Sep 27, 2005 Low Red Hat