wget-1.21.1-8.el9_4
エラータID: AXSA:2024-8748:02
Release date:
Wednesday, September 4, 2024 - 14:51
Subject:
wget-1.21.1-8.el9_4
Affected Channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.
Security Fix(es):
* wget: Misinterpretation of input may lead to improper behavior (CVE-2024-38428)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2024-38428
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
Solution:
Update packages.
CVEs:
CVE-2024-38428
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
Additional Info:
N/A
Download:
SRPMS
- wget-1.21.1-8.el9_4.src.rpm
MD5: d97dace1481f4948a9e13f368ffa63a6
SHA-256: 45937227e006fae43a545a7b7cbe6727e54fbbc8b2338a8bc94f12836cd49be1
Size: 4.68 MB
Asianux Server 9 for x86_64
- wget-1.21.1-8.el9_4.x86_64.rpm
MD5: 5b321718bd88e20eeb8caba701e4334f
SHA-256: 003249efa9bd21e3e1cca2c79728456133f16f869c2522eedca300b0ad240987
Size: 787.82 kB