wget-1.19.5-12.el8_10
エラータID: AXSA:2024-8669:01
Release date:
Thursday, August 15, 2024 - 16:31
Subject:
wget-1.19.5-12.el8_10
Affected Channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.
Security Fix(es):
* wget: Misinterpretation of input may lead to improper behavior (CVE-2024-38428)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2024-38428
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
Solution:
Update packages.
CVEs:
CVE-2024-38428
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
Additional Info:
N/A
Download:
SRPMS
- wget-1.19.5-12.el8_10.src.rpm
MD5: e8ad03b08ae7857be94d51a2f8264d64
SHA-256: 9886899975a958526eedac38a579747a3558c56681a1e8a8716cd2018a67bc5f
Size: 4.30 MB
Asianux Server 8 for x86_64
- wget-1.19.5-12.el8_10.x86_64.rpm
MD5: 188866fec248996cfef89617b5e801da
SHA-256: dcd3b4682e8e53a1dcab008aaaa862c438538550c2f4e467441593ad225d2e94
Size: 733.16 kB
日本語