Описание
Security update for wget
This update for wget fixes the following issues:
Security issues fixed:
- CVE-2016-7098: Fixed a potential race condition by creating files with .tmp ext and making them accessible to the current user only. (bsc#995964)
Non security issues fixed:
- bsc#1005091: Don't call xfree() on string returned by usr_error()
- bsc#1012677: Add support for enforcing TLSv1.1 and TLSv1.2 (TLS 1.2 support was already present, but it was not enforcable).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
wget-1.14-17.1
SUSE Linux Enterprise Desktop 12 SP2
wget-1.14-17.1
SUSE Linux Enterprise Server 12 SP1
wget-1.14-17.1
SUSE Linux Enterprise Server 12 SP2
wget-1.14-17.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
wget-1.14-17.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
wget-1.14-17.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
wget-1.14-17.1
Ссылки
- Link for SUSE-SU-2016:3268-1
- E-Mail link for SUSE-SU-2016:3268-1
- SUSE Security Ratings
- SUSE Bug 1005091
- SUSE Bug 1012677
- SUSE Bug 995964
- SUSE CVE CVE-2016-7098 page
Описание
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:wget-1.14-17.1
SUSE Linux Enterprise Desktop 12 SP2:wget-1.14-17.1
SUSE Linux Enterprise Server 12 SP1:wget-1.14-17.1
SUSE Linux Enterprise Server 12 SP2:wget-1.14-17.1
Ссылки
- CVE-2016-7098
- SUSE Bug 995964