drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Wget (Aktualisierung)
| Name: |
Mehrere Probleme in Wget (Aktualisierung) |
|
| ID: |
USN-3464-2 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 12.04 ESM |
|
| Datum: |
Mo, 30. Oktober 2017, 18:47 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6508 |
|
| Applikationen: |
Wget |
|
| Update von: |
Mehrere Probleme in Wget |
|
Originalnachricht |
--===============5738800618374369861==
Content-Type: multipart/signed; micalg="pgp-sha256";
protocol="application/pgp-signature";
boundary="=-ahM90eeQAMbAqS7uYOIP"
--=-ahM90eeQAMbAqS7uYOIP
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-3464-2
October 30, 2017
wget vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Wget.
Software Description:
- wget: retrieves files from the web
Details:
USN-3464-1 fixed several vulnerabilities in Wget. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
 Antti LevomÀki, Christian Jalio, and Joonas Pihlaja discovered that
 Wget incorrectly handled certain HTTP responses. A remote attacker
 could use this issue to cause Wget to crash, resulting in a denial of
 service, or possibly execute arbitrary code.Â
 (CVE-2017-13089, CVE 2017-13090)
 Dawid Golunski discovered that Wget incorrectly handled recursive or
 mirroring mode. A remote attacker could possibly use this issue to
 bypass intended access list restrictions. (CVE-2016-7098)
 Orange Tsai discovered that Wget incorrectly handled CRLF sequences in
 HTTP headers. A remote attacker could possibly use this issue to
 inject arbitrary HTTP headers. (CVE-2017-6508)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
Â
wget                            1.13.4-2ubuntu1.5
In general, a standard system update will make all the necessary
changes.
References:
 https://www.ubuntu.com/usn/usn-3464-2
 https://www.ubuntu.com/usn/usn-3464-1
 CVE-2016-7098, CVE-2017-13089, CVE-2017-13090, CVE-2017-6508
--ÚhM90eeQAMbAqS7uYOIP
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJZ9zBCAAoJEEW851uECx9pXWwQAKSluxvy/eyhKt2LqdP5BWV8
neLVpXYDgJraKg2qxElhIxOtH1CZTpOHNf+RKxfOkk0FQr+uM8docVMs4CbTLAeU
1GpdQ7LORJhZqOXsZqCYoLLyeCKHzwojJBX4CFhkVqTP8FqNP1eRlAEKvz07iXbZ
mpe66CxGueC+oh8bF3UhZ/gZ69hqRWcSbequSkcxDS02wxGSx1Cd1cz7gFjsvyiQ
5UhiJDBPxFn4XaVDFOBzwN9xIsVKjN7/1TteP9O6Y2LkE2hPdRkuDIk4CCl7pL95
LgxS7jimsBd9qD4IcnxxerMCrnGPjANq8a0WfBVJNBIv5TvqzfADOuMPuWydFboI
/KkD0ODcA+z73YPLxVwganin+63eOQc27cu82/du6SjFRYTbXT1Dsd+WnUU3fNLA
x9wVdolm5J4x5JlkM7FfJSuBTbQeu5SNV8Jy/1fITInf0+MEVPlQ/x5Rwj+91Znq
zXHopHdLX738oGegW4A4DGk7LYA0m8VVO1Z0DaqawYPPt1r1kIiRJ2cPda9Z30d9
eLnQpUjGu0jf5YJzfgCPrsgMt2sMO88ffTJRDcVJ3kFxJ8/UOTWqBccNxBPNzOjO
avS5quElpSVcMd+6X2xyHj1mc5VrUvCiG5x+FKUMSDQsQCn/sNNYsue0cTLBlDSH
/ruCIvNcrfmtbAXR1tAF
=fmfp
-----END PGP SIGNATURE-----
--=-ahM90eeQAMbAqS7uYOIP--
--===============5738800618374369861==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK
--===============5738800618374369861==--
|
|
|
|
