Plattformen: |
Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 7 Server, Turbolinux 7 Workstation, Turbolinux 8 Server, Turbolinux 8 Workstation, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2005-76
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 06 Jul 2005
Last revised: 03 Aug 2005
Package: wget
Summary: Symlink attack in wget
More information:
Wget is a file retrieval utility which can use either the HTTP or FTP protocols.
A vulnerability in the manner in which wget handles temporary files
could allow local users to overwrite arbitrary files via a symlink attack.
Impact:
This vulerability could allow attackers to overwrite arbitrary files
via a symbolic link attack.
Affected Products:
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F...,
Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal]
# turbopkg
or
# zabom -u wget
[other]
# turbopkg
or
# zabom update wget
---------------------------------------------
Source Packages
Size: MD5
wget-1.10-1.src.rpm
1605173 0d51aec5a055b7ef927a2a269cdbaae9
Binary Packages
Size: MD5
wget-1.10-1.i586.rpm
401104 ec716b69602d475cc88037068b27047f
Source Packages
Size: MD5
wget-1.10-1.src.rpm
1605173 a0a5d37c826acc1bf0d5fc5021471ea0
Binary Packages
Size: MD5
wget-1.10-1.i586.rpm
401653 7a16d5f8b4449b9adb4fc44344db149e
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/wget-1.10-1.src.rpm
1605173 a2e2acf5d37d26cb8d20fb456ea8b2e6
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/wget-1.10-1.i586.rpm
404540 b55a7847d740e3ec700565bb729dfcbc
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/wget-1.10-1.src.rpm
1605173 6f84b0b6df89d0c7e7351e7e1cdf029f
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/wget-1.10-1.i586.rpm
404962 de60c95c538b3623d622200c93dc46db
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/wget-1.10-1.src.rpm
1605173 913495954c9c5004ebbe615ace9cae95
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/wget-1.10-1.i586.rpm
401524 4b1dd825eadcfd1acc9fc46e6caf258a
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/wget-1.10-1.src.rpm
1605173 45b2cbbcac7f2474409a80d21dcde102
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/wget-1.10-1.i586.rpm
401530 cde4ac044ef3f542c171fa2e203aab82
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/wget-1.10-1.src.rpm
1605173 42e357b46085ad9d6e9688a06ecbffb7
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/wget-1.10-1.i586.rpm
398818 3ef4bf1218307910b8cada6b909ce477
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/wget-1.10-1.src.rpm
1605173 924e2045adfe334db0cf64032a422b7e
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/wget-1.10-1.i586.rpm
398598 0b41a395a80f97d8e7749122b5fb52c8
References:
CVE
[CAN-2004-2014]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2014
--------------------------------------------------------------------------
Revision History
06 Jul 2005 Initial release
03 Aug 2005 Added Turbolinux Multimedia, Turbolinux Personal to "Affected Products"
--------------------------------------------------------------------------
Copyright(C) 2005 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFC8G6VK0LzjOqIJMwRAm0LAJ9vNK6DqMf+mDioI60vTQ7np/dEyQCfWbXZ
YhKxI4x7SXRpMW96NzcGDL8=
=3aDj
-----END PGP SIGNATURE-----
|