wget-1.11.4-2.1.1AXS3

エラータID: AXSA:2009-420:01

Release date: 
Monday, November 9, 2009 - 13:33
Subject: 
wget-1.11.4-2.1.1AXS3
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability.
Security bugs fixed with this release:
CVE-2009-3490
GNU Wget before 1.12 does not properly handle a '0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Solution: 

Update packages.

CVEs: 
CVE-2009-3490
GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.


Additional Info: 

N/A

Download: 

SRPMS
  1. wget-1.11.4-2.1.1AXS3.src.rpm
    MD5: 7cf921c07215e7d11887bff8df8ba1fa
    SHA-256: 1967134b4fcc88e3e1df701b8ec964d0334ea5a953f57cbbac6f39e0e30a285c
    Size: 0.95 MB

Asianux Server 3 for x86
  1. wget-1.11.4-2.1.1AXS3.i386.rpm
    MD5: 77f0b9d058a2345c9d6796220e1673e6
    SHA-256: 6e27aada81c774366d92373145d6b3ad83a45bb35e5a103e8501bfc011640fe3
    Size: 601.03 kB

Asianux Server 3 for x86_64
  1. wget-1.11.4-2.1.1AXS3.x86_64.rpm
    MD5: fd1613c5cac85f4f0591120ade04a2d9
    SHA-256: 911de389d36524149051ca2b48d0e24c44eb4d5f40e08af22816d3e046a30f24
    Size: 601.36 kB