You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa wget

Sigurnosni nedostaci programskog paketa wget

==========================================================================
Ubuntu Security Notice USN-3943-2
April 09, 2019

wget vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Wget.

Software Description:
– wget: retrieves files from the web

Details:

USN-3943-1 fixed a vulnerability in Wget. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Kusano Kazuhiko discovered that Wget incorrectly handled certain
 inputs. An attacker could possibly use this issue to execute arbitrary
 code. (CVE-2019-5953)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  wget                            1.13.4-2ubuntu1.7

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3943-2
  https://usn.ubuntu.com/usn/usn-3943-1
  CVE-2019-5953—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJcrJ2ZAAoJEEW851uECx9pK7QQAJnEM1+KM5N6wNxhYevdYnaQ
0YYE6CBsUbBTRt7m6ctUT0Ji5vcSTV8JbMLbMAO0IZ24vxYvcTTWeZ2LpmOuQjuy
53w1ZbIC63X4Sweepx7E5w1RtVDPZ32Y17T314fEJ1LQ4ragChjL2P6qD1v3vCeR
WwCmBD1iiXGZ2u33hP9XM0jCsqcynNqYZcRquExNZlnN/zQVPiIvLDg4asUxA89s
hX3ouIShtr5Az85v5NjvZ2uF9lgR4Y4nDmbVupaDYh4m0/rHx5UzPq0D8wEV+Vql
8VSUUfFe0EEyVI1Ijvq9W5WCOBEwPk4o1aBN/uV9LVGAUdNRtC/cvvvKIPoARTYC
t1sWfTpkfuHAwRX8F6PBL9GEZ045RsobOlMvXORZlHZNeVmMqngNAFgbtUvxZlZt
KC9ApcEGCrBZOY364QWE6zq4WkbZbdkcpfsaapHHYzliFJhq3WBQmsuMlmG2d9tz
O9jaB6iMcJ7oTP4rAzCIRsThJgZyGSjCXhBE+I1LRDeS3Ex1wauAVala9s56X7bI
eKFgRiKH8cIWjRvNUighse+v8OARWNFyUt4wsH6234+YWzUl74l+iOUYxDEBgYDu
MKtxMtP0tW6LA3VvSMA3g7K1+v3+8u53zpYyMT3hvgOE+/tp03WjvGNrtf2h5ZvB
D1OFVkrCFLfugMSqjMJ+
=Nag3
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3943-1
April 08, 2019

wget vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Wget.

Software Description:
– wget: retrieves files from the web

Details:

It was discovered that Wget incorrectly handled certain inputs.
An attacker could possibly use this issue to access sensitive
information. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 18.10. (CVE-2018-20483)

Kusano Kazuhiko discovered that Wget incorrectly handled certain
inputs. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2019-5953)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  wget                            1.19.5-1ubuntu1.1

Ubuntu 18.04 LTS:
  wget                            1.19.4-1ubuntu2.2

Ubuntu 16.04 LTS:
  wget                            1.17.1-1ubuntu1.5

Ubuntu 14.04 LTS:
  wget                            1.15-1ubuntu1.14.04.5

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3943-1
  CVE-2018-20483, CVE-2019-5953

Package Information:
  https://launchpad.net/ubuntu/+source/wget/1.19.5-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/wget/1.19.4-1ubuntu2.2
  https://launchpad.net/ubuntu/+source/wget/1.17.1-1ubuntu1.5
  https://launchpad.net/ubuntu/+source/wget/1.15-1ubuntu1.14.04.5—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJcrJNIAAoJEEW851uECx9p6J0P/0C1x/ER7eqC0Dt5rXNE9ihM
Nk1E3/WmmgxMGV6q8puOn9q03LNq/zQ7/5Y2vaY4krT1EoYfi8YPN0szvPKH+zhU
EOmtPWjTOoMe93qbmBRUYziOxJV+fSRI31pdCSI5wO8/LfY4KDw1jIpCdnl9aRxo
Q/k/HTVu35GtVV6nCZFivgqm+9acWv/JuMhxRxlBuy8zj6MAQrTz4aD7LLqWuhHV
IT+LkfEwC8EX5Udb4kooslG46x8eXodYg0afPKcK+F0A06Dm4hcUM/Z3SUMUXfPv
y1vIXnVITgNKyPfR2nHuC0/AQzZ9BylMgS6zD3QIUywGBjsU3s6SJIrQqC55Pd/i
K46Srb1qdizIN8LwkFe+39zuG0CStGdYUqbtJY4upFsThG0cBNk4+KRRBw7tTgvL
+tIbWD9CFnkkmO6xRwV713obwOLfMUuK9ETX2GU/VtMt16P/7wLsSNGrtqKBLVYA
+lBlwa6hjv6at0dPApJhaHgsoYz4tXBA+uL+E5+a4nFDeqXdexfHGlCIrBPqwr8K
Ln6/Z5n5oJUSoplxTYAMsd4QvGy2WpNSDhs2ZiOzg4k3xgKexR1GQaA6fAVS6/Lb
ssHO911VvCMqTPJIqIdJBFHUrU4RnzqCU0ullvIDYgMog1cp4f4mu/J4H5QVeQsi
kR0yiFVjbAoEzm1+NLws
=PJOu
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa openssh

Otkriven je sigurnosni nedostatak u programskom paketu openssh za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija....

Close