Sicherheit: Zwei Probleme in Wget

Lesezeichen hinzufügen

--===============2654462642303554987==
Content-Type: multipart/signed; micalg="pgp-sha256";
protocol="application/pgp-signature";
boundary="=-9CRuFQ1kwNIA3y2Q5vK3"

--=-9CRuFQ1kwNIA3y2Q5vK3
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3943-1
April 08, 2019

wget vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Wget.

Software Description:
- wget: retrieves files from the web

Details:

It was discovered that Wget incorrectly handled certain inputs.
An attacker could possibly use this issue to access sensitive
information. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 18.10. (CVE-2018-20483)

Kusano Kazuhiko discovered that Wget incorrectly handled certain
inputs. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2019-5953)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
wget 1.19.5-1ubuntu1.1

Ubuntu 18.04 LTS:
wget 1.19.4-1ubuntu2.2

Ubuntu 16.04 LTS:
wget 1.17.1-1ubuntu1.5

Ubuntu 14.04 LTS:
wget 1.15-1ubuntu1.14.04.5

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3943-1
CVE-2018-20483, CVE-2019-5953

Package Information:
https://launchpad.net/ubuntu/+source/wget/1.19.5-1ubuntu1.1
https://launchpad.net/ubuntu/+source/wget/1.19.4-1ubuntu2.2
https://launchpad.net/ubuntu/+source/wget/1.17.1-1ubuntu1.5
https://launchpad.net/ubuntu/+source/wget/1.15-1ubuntu1.14.04.5
--=-9CRuFQ1kwNIA3y2Q5vK3
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCAAGBQJcrJNIAAoJEEW851uECx9p6J0P/0C1x/ER7eqC0Dt5rXNE9ihM
Nk1E3/WmmgxMGV6q8puOn9q03LNq/zQ7/5Y2vaY4krT1EoYfi8YPN0szvPKH+zhU
EOmtPWjTOoMe93qbmBRUYziOxJV+fSRI31pdCSI5wO8/LfY4KDw1jIpCdnl9aRxo
Q/k/HTVu35GtVV6nCZFivgqm+9acWv/JuMhxRxlBuy8zj6MAQrTz4aD7LLqWuhHV
IT+LkfEwC8EX5Udb4kooslG46x8eXodYg0afPKcK+F0A06Dm4hcUM/Z3SUMUXfPv
y1vIXnVITgNKyPfR2nHuC0/AQzZ9BylMgS6zD3QIUywGBjsU3s6SJIrQqC55Pd/i
K46Srb1qdizIN8LwkFe+39zuG0CStGdYUqbtJY4upFsThG0cBNk4+KRRBw7tTgvL
+tIbWD9CFnkkmO6xRwV713obwOLfMUuK9ETX2GU/VtMt16P/7wLsSNGrtqKBLVYA
+lBlwa6hjv6at0dPApJhaHgsoYz4tXBA+uL+E5+a4nFDeqXdexfHGlCIrBPqwr8K
Ln6/Z5n5oJUSoplxTYAMsd4QvGy2WpNSDhs2ZiOzg4k3xgKexR1GQaA6fAVS6/Lb
ssHO911VvCMqTPJIqIdJBFHUrU4RnzqCU0ullvIDYgMog1cp4f4mu/J4H5QVeQsi
kR0yiFVjbAoEzm1+NLws
=PJOu
-----END PGP SIGNATURE-----

--=-9CRuFQ1kwNIA3y2Q5vK3--

--===============2654462642303554987==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============2654462642303554987==--