==========================================================================
Ubuntu Security Notice USN-3464-2
October 30, 2017
wget vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Wget.
Software Description:
– wget: retrieves files from the web
Details:
USN-3464-1 fixed several vulnerabilities in Wget. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Antti Levomäki, Christian Jalio, and Joonas Pihlaja discovered that
Wget incorrectly handled certain HTTP responses. A remote attacker
could use this issue to cause Wget to crash, resulting in a denial of
service, or possibly execute arbitrary code.
(CVE-2017-13089, CVE 2017-13090)
Dawid Golunski discovered that Wget incorrectly handled recursive or
mirroring mode. A remote attacker could possibly use this issue to
bypass intended access list restrictions. (CVE-2016-7098)
Orange Tsai discovered that Wget incorrectly handled CRLF sequences in
HTTP headers. A remote attacker could possibly use this issue to
inject arbitrary HTTP headers. (CVE-2017-6508)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
wget 1.13.4-2ubuntu1.5
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3464-2
https://www.ubuntu.com/usn/usn-3464-1
CVE-2016-7098, CVE-2017-13089, CVE-2017-13090, CVE-2017-6508
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJZ9zBCAAoJEEW851uECx9pXWwQAKSluxvy/eyhKt2LqdP5BWV8
neLVpXYDgJraKg2qxElhIxOtH1CZTpOHNf+RKxfOkk0FQr+uM8docVMs4CbTLAeU
1GpdQ7LORJhZqOXsZqCYoLLyeCKHzwojJBX4CFhkVqTP8FqNP1eRlAEKvz07iXbZ
mpe66CxGueC+oh8bF3UhZ/gZ69hqRWcSbequSkcxDS02wxGSx1Cd1cz7gFjsvyiQ
5UhiJDBPxFn4XaVDFOBzwN9xIsVKjN7/1TteP9O6Y2LkE2hPdRkuDIk4CCl7pL95
LgxS7jimsBd9qD4IcnxxerMCrnGPjANq8a0WfBVJNBIv5TvqzfADOuMPuWydFboI
/KkD0ODcA+z73YPLxVwganin+63eOQc27cu82/du6SjFRYTbXT1Dsd+WnUU3fNLA
x9wVdolm5J4x5JlkM7FfJSuBTbQeu5SNV8Jy/1fITInf0+MEVPlQ/x5Rwj+91Znq
zXHopHdLX738oGegW4A4DGk7LYA0m8VVO1Z0DaqawYPPt1r1kIiRJ2cPda9Z30d9
eLnQpUjGu0jf5YJzfgCPrsgMt2sMO88ffTJRDcVJ3kFxJ8/UOTWqBccNxBPNzOjO
avS5quElpSVcMd+6X2xyHj1mc5VrUvCiG5x+FKUMSDQsQCn/sNNYsue0cTLBlDSH
/ruCIvNcrfmtbAXR1tAF
=fmfp
—–END PGP SIGNATURE—–
—