SUSE-SU-2017:0799-1

Опубликовано: 22 мар. 2017

Источник: suse-cvrf

Описание

Security update for wget

This update for wget fixes the following issues:

Security issue fixed:

CVE-2017-6508: (url_parse): Reject control characters in host part of URL (bsc#1028301).

Список пакетов

SUSE Linux Enterprise Server 11 SP4

wget-1.11.4-1.40.1

SUSE Linux Enterprise Server 11-SECURITY

wget-openssl1-1.11.4-1.40.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4

wget-1.11.4-1.40.1

Ссылки

https://www.suse.com/support/update/announcement/2017/suse-su-20170799-1/
Link for SUSE-SU-2017:0799-1
https://lists.suse.com/pipermail/sle-security-updates/2017-March/002739.html
E-Mail link for SUSE-SU-2017:0799-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1028301
SUSE Bug 1028301
https://www.suse.com/security/cve/CVE-2017-6508/
SUSE CVE CVE-2017-6508 page

Описание

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4:wget-1.11.4-1.40.1

SUSE Linux Enterprise Server 11-SECURITY:wget-openssl1-1.11.4-1.40.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4:wget-1.11.4-1.40.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-6508.html
CVE-2017-6508
https://bugzilla.suse.com/1028301
SUSE Bug 1028301
https://bugzilla.suse.com/1159418
SUSE Bug 1159418

SUSE-SU-2017:0799-1

Описание

Список пакетов

SUSE Linux Enterprise Server 11 SP4

SUSE Linux Enterprise Server 11-SECURITY

SUSE Linux Enterprise Server for SAP Applications 11 SP4

Ссылки

Уязвимость: CVE-2017-6508

Описание

Затронутые продукты

Ссылки