wget-1.14-18.el7

エラータID: AXSA:2018-3408:01

Release date: 
Wednesday, November 7, 2018 - 23:50
Subject: 
wget-1.14-18.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.

Security Fix(es):

* wget: Cookie injection allows malicious website to write arbitrary cookie entries into cookie jar (CVE-2018-0494)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.6 Release Notes linked from the References section.

CVE-2018-0494
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in
the resp_new function in http.c via a \r\n sequence in a continuation
line.

Solution: 

Update packages.

CVEs: 
CVE-2018-0494
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
Additional Info: 

N/A

Download: 

SRPMS
  1. wget-1.14-18.el7.src.rpm
    MD5: ef79bafc1d65dd525e677eb518a80a1f
    SHA-256: 07559d1b7b34b284e398bed6adb3d22be168ab0cff6cacd5d99f8194d85290ad
    Size: 1.56 MB

Asianux Server 7 for x86_64
  1. wget-1.14-18.el7.x86_64.rpm
    MD5: d9a48ab4710342bb38c4b9a61f89554d
    SHA-256: 69ee19da9d8b099d21bdcc35047997a91c2341313771e1b794e53f079f79111d
    Size: 546.12 kB