drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Wget (Aktualisierung)
Name: |
Mehrere Probleme in Wget (Aktualisierung) |
|
ID: |
USN-3464-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 ESM |
|
Datum: |
Mo, 30. Oktober 2017, 18:47 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6508 |
|
Applikationen: |
Wget |
|
Update von: |
Mehrere Probleme in Wget |
|
Originalnachricht |
--===============5738800618374369861== Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-ahM90eeQAMbAqS7uYOIP"
--=-ahM90eeQAMbAqS7uYOIP Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3464-2 October 30, 2017
wget vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Wget.
Software Description: - wget: retrieves files from the web
Details:
USN-3464-1 fixed several vulnerabilities in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
 Antti LevomÀki, Christian Jalio, and Joonas Pihlaja discovered that  Wget incorrectly handled certain HTTP responses. A remote attacker  could use this issue to cause Wget to crash, resulting in a denial of  service, or possibly execute arbitrary code.  (CVE-2017-13089, CVE 2017-13090)
 Dawid Golunski discovered that Wget incorrectly handled recursive or  mirroring mode. A remote attacker could possibly use this issue to  bypass intended access list restrictions. (CVE-2016-7098)
 Orange Tsai discovered that Wget incorrectly handled CRLF sequences in  HTTP headers. A remote attacker could possibly use this issue to  inject arbitrary HTTP headers. (CVE-2017-6508)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM:  wget                            1.13.4-2ubuntu1.5
In general, a standard system update will make all the necessary changes.
References: Â https://www.ubuntu.com/usn/usn-3464-2 Â https://www.ubuntu.com/usn/usn-3464-1 Â CVE-2016-7098, CVE-2017-13089, CVE-2017-13090, CVE-2017-6508
--ÚhM90eeQAMbAqS7uYOIP Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAABCAAGBQJZ9zBCAAoJEEW851uECx9pXWwQAKSluxvy/eyhKt2LqdP5BWV8 neLVpXYDgJraKg2qxElhIxOtH1CZTpOHNf+RKxfOkk0FQr+uM8docVMs4CbTLAeU 1GpdQ7LORJhZqOXsZqCYoLLyeCKHzwojJBX4CFhkVqTP8FqNP1eRlAEKvz07iXbZ mpe66CxGueC+oh8bF3UhZ/gZ69hqRWcSbequSkcxDS02wxGSx1Cd1cz7gFjsvyiQ 5UhiJDBPxFn4XaVDFOBzwN9xIsVKjN7/1TteP9O6Y2LkE2hPdRkuDIk4CCl7pL95 LgxS7jimsBd9qD4IcnxxerMCrnGPjANq8a0WfBVJNBIv5TvqzfADOuMPuWydFboI /KkD0ODcA+z73YPLxVwganin+63eOQc27cu82/du6SjFRYTbXT1Dsd+WnUU3fNLA x9wVdolm5J4x5JlkM7FfJSuBTbQeu5SNV8Jy/1fITInf0+MEVPlQ/x5Rwj+91Znq zXHopHdLX738oGegW4A4DGk7LYA0m8VVO1Z0DaqawYPPt1r1kIiRJ2cPda9Z30d9 eLnQpUjGu0jf5YJzfgCPrsgMt2sMO88ffTJRDcVJ3kFxJ8/UOTWqBccNxBPNzOjO avS5quElpSVcMd+6X2xyHj1mc5VrUvCiG5x+FKUMSDQsQCn/sNNYsue0cTLBlDSH /ruCIvNcrfmtbAXR1tAF =fmfp -----END PGP SIGNATURE-----
--=-ahM90eeQAMbAqS7uYOIP--
--===============5738800618374369861== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============5738800618374369861==--
|
|
|
|