Описание
Security update for wget
This update for wget fixes the following issues:
-
CVE-2016-4971: A HTTP to FTP redirection file name confusion vulnerability was fixed. (bsc#984060).
-
CVE-2016-7098: A potential race condition was fixed by creating files with .tmp ext and making them accessible to the current user only. (bsc#995964)
Bug fixed:
- Wget failed with basicauth: Failed writing HTTP request: Bad file descriptor (bsc#958342)
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
wget-1.11.4-1.32.1
SUSE Linux Enterprise Server 11 SP3-LTSS
wget-1.11.4-1.32.1
wget-openssl1-1.11.4-1.32.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
wget-1.11.4-1.32.1
wget-openssl1-1.11.4-1.32.1
SUSE Linux Enterprise Server 11 SP4
wget-1.11.4-1.32.1
SUSE Linux Enterprise Server 11-SECURITY
wget-openssl1-1.11.4-1.32.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
wget-1.11.4-1.32.1
SUSE Manager 2.1
wget-1.11.4-1.32.1
SUSE Manager Proxy 2.1
wget-1.11.4-1.32.1
SUSE OpenStack Cloud 5
wget-1.11.4-1.32.1
Ссылки
- Link for SUSE-SU-2016:2358-1
- E-Mail link for SUSE-SU-2016:2358-1
- SUSE Security Ratings
- SUSE Bug 958342
- SUSE Bug 984060
- SUSE Bug 995964
- SUSE CVE CVE-2016-4971 page
- SUSE CVE CVE-2016-7098 page
Описание
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:wget-1.11.4-1.32.1
SUSE Linux Enterprise Server 11 SP3-LTSS:wget-1.11.4-1.32.1
SUSE Linux Enterprise Server 11 SP3-LTSS:wget-openssl1-1.11.4-1.32.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:wget-1.11.4-1.32.1
Ссылки
- CVE-2016-4971
- SUSE Bug 1023231
- SUSE Bug 984060
Описание
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:wget-1.11.4-1.32.1
SUSE Linux Enterprise Server 11 SP3-LTSS:wget-1.11.4-1.32.1
SUSE Linux Enterprise Server 11 SP3-LTSS:wget-openssl1-1.11.4-1.32.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:wget-1.11.4-1.32.1
Ссылки
- CVE-2016-7098
- SUSE Bug 995964