wget-1.12-5.AXS4.1

エラータID: AXSA:2014-673:03

Release date: 
Monday, November 3, 2014 - 19:04
Subject: 
wget-1.12-5.AXS4.1
Affected Channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
Moderate
Description: 

Description :
GNU Wget is a file retrieval utility which can use either the HTTP or
FTP protocols. Wget features include the ability to work in the
background while you are logged out, recursive retrieval of
directories, file name wildcard matching, remote file timestamp
storage and comparison, use of Rest with FTP servers and Range with
HTTP servers to retrieve files over slow or unstable connections,
support for Proxy servers, and configurability.

Security issues fixed with this release:

CVE-2014-4877
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.

Solution: 

Update package.

CVEs: 
CVE-2014-4877
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.


Additional Info: 

N/A

Download: 

SRPMS
  1. wget-1.12-5.AXS4.1.src.rpm
    MD5: 10126919b6dd23ce14724a095f695034
    SHA-256: aeb8c2a1e6bb1daaace419c7a571273ec09ff6ca465bd5daa45b4de42db54c4f
    Size: 1.57 MB

Asianux Server 4 for x86
  1. wget-1.12-5.AXS4.1.i686.rpm
    MD5: 2b901072c13c94f11df9cdcd6401412e
    SHA-256: 277bc8dbcb8b52bf598b01915725b854c8b67d1fe6dca843c15a46ca40247d17
    Size: 485.84 kB

Asianux Server 4 for x86_64
  1. wget-1.12-5.AXS4.1.x86_64.rpm
    MD5: a7180dd933d86daf2e060160cbfbb92d
    SHA-256: 5873cd557623a89775f5763c9c180d3add5e2fb5b719cc9f49619520e627f4f4
    Size: 486.24 kB