Mandriva 1273 Published by

Updated wget packages are available for Mandriva Linux
_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: wget
Advisory ID: MDKSA-2005:098
Date: June 9th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

Two vulnerabilities were found in wget. The first is that an HTTP redirect statement could be used to do a directory traversal and write to files outside of the current directory. The second is that HTTP redirect statements could be used to overwrite dot ('.') files, potentially overwriting the user's configuration files (such as .bashrc, etc.).

The updated packages have been patched to help address these problems by replacing dangerous directories and filenames containing the dot ('.') character with an underscore ('_') character.



_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1488
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
e61a21190da94a75eaaf083eb894dd3e 10.0/RPMS/wget-1.9.1-4.1.100mdk.i586.rpm
368f43f3ff9dbbe4502e84a38bac5786 10.0/SRPMS/wget-1.9.1-4.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
cf379f576b75dee53b747897bfe89c03 amd64/10.0/RPMS/wget-1.9.1-4.1.100mdk.amd64.rpm
368f43f3ff9dbbe4502e84a38bac5786 amd64/10.0/SRPMS/wget-1.9.1-4.1.100mdk.src.rpm

Mandrakelinux 10.1:
d182df118b7e9ade64b77983dff47fc4 10.1/RPMS/wget-1.9.1-4.2.101mdk.i586.rpm
91f8cbb93a4453a68c13bd12620e3e4e 10.1/SRPMS/wget-1.9.1-4.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
64827a4a355d106a477cb4b5bcf882cb x86_64/10.1/RPMS/wget-1.9.1-4.2.101mdk.x86_64.rpm
91f8cbb93a4453a68c13bd12620e3e4e x86_64/10.1/SRPMS/wget-1.9.1-4.2.101mdk.src.rpm

Mandrakelinux 10.2:
99aa2d3e18afa3e7ef1d3b746b70e431 10.2/RPMS/wget-1.9.1-5.1.102mdk.i586.rpm
fdf0fdde2c0d220c7b9cf755c3a28a98 10.2/SRPMS/wget-1.9.1-5.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
d6793d9ab06478949aa9bb75aa216138 x86_64/10.2/RPMS/wget-1.9.1-5.1.102mdk.x86_64.rpm
fdf0fdde2c0d220c7b9cf755c3a28a98 x86_64/10.2/SRPMS/wget-1.9.1-5.1.102mdk.src.rpm

Corporate Server 2.1:
e058c63a097aadc247458e54e092c03a corporate/2.1/RPMS/wget-1.8.2-3.2.C21mdk.i586.rpm
f45e8a97e6d535fc27d0053813959145 corporate/2.1/SRPMS/wget-1.8.2-3.2.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
89ae60b0b75411c6abb5774795f09af0 x86_64/corporate/2.1/RPMS/wget-1.8.2-3.2.C21mdk.x86_64.rpm
f45e8a97e6d535fc27d0053813959145 x86_64/corporate/2.1/SRPMS/wget-1.8.2-3.2.C21mdk.src.rpm

Corporate 3.0:
bcf947efa32f9ce531077faf5e470e98 corporate/3.0/RPMS/wget-1.9.1-4.2.C30mdk.i586.rpm
ab34a60ca4ebf44d2e02988e19df5929 corporate/3.0/SRPMS/wget-1.9.1-4.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
66190c6d61c180ec8a3bc8592ca55da6 x86_64/corporate/3.0/RPMS/wget-1.9.1-4.2.C30mdk.x86_64.rpm
ab34a60ca4ebf44d2e02988e19df5929 x86_64/corporate/3.0/SRPMS/wget-1.9.1-4.2.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com