Описание
Security update for wget
This update for wget fixes the following issues:
- Fix for HTTP to a FTP redirection file name confusion vulnerability (bsc#984060, CVE-2016-4971).
- Work around a libidn vulnerability (bsc#937096, CVE-2015-2059).
- Fix for wget fails with basicauth: Failed writing HTTP request: Bad file descriptor (bsc#958342)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
wget-1.14-10.3
SUSE Linux Enterprise Server 12 SP1
wget-1.14-10.3
SUSE Linux Enterprise Server for SAP Applications 12 SP1
wget-1.14-10.3
Ссылки
- Link for SUSE-SU-2016:2226-1
- E-Mail link for SUSE-SU-2016:2226-1
- SUSE Security Ratings
- SUSE Bug 937096
- SUSE Bug 958342
- SUSE Bug 984060
- SUSE CVE CVE-2015-2059 page
- SUSE CVE CVE-2016-4971 page
Описание
The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:wget-1.14-10.3
SUSE Linux Enterprise Server 12 SP1:wget-1.14-10.3
SUSE Linux Enterprise Server for SAP Applications 12 SP1:wget-1.14-10.3
Ссылки
- CVE-2015-2059
- SUSE Bug 1173590
- SUSE Bug 919214
- SUSE Bug 923241
- SUSE Bug 937096
- SUSE Bug 937097
Описание
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:wget-1.14-10.3
SUSE Linux Enterprise Server 12 SP1:wget-1.14-10.3
SUSE Linux Enterprise Server for SAP Applications 12 SP1:wget-1.14-10.3
Ссылки
- CVE-2016-4971
- SUSE Bug 1023231
- SUSE Bug 984060