wget-1.14-18.1.0.1.el7.AXS7

エラータID: AXSA:2024-8759:03

Release date: 
Wednesday, September 4, 2024 - 17:37
Subject: 
wget-1.14-18.1.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

GNU Wget is a file retrieval utility which can use either the HTTP or FTP
protocols. Wget features include the ability to work in the background while you
are logged out, recursive retrieval of directories, file name wildcard matching,
remote file timestamp storage and comparison, use of Rest with FTP servers and
Range with HTTP servers to retrieve files over slow or unstable connections,
support for Proxy servers, and configurability.

Security Fix(es):

* CVE-2024-38428: properly re-implement userinfo parsing (rfc2396)

CVE(s):
CVE-2024-38428
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.

Solution: 

Update packages.

CVEs: 
CVE-2024-38428
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. wget-1.14-18.1.0.1.el7.AXS7.x86_64.rpm
    MD5: 8a54a9bc312d588042451cf59f443e29
    SHA-256: ea104a90b3209bf3aae97e21af68d9f296f14470daac892b3727340a45079806
    Size: 546.61 kB