SUSE-SU-2024:4138-1

Опубликовано: 02 дек. 2024

Источник: suse-cvrf

Описание

Security update for wget

This update for wget fixes the following issues:

CVE-2024-10524: Fixed SSRF via shorthand HTTP URL (bsc#1233773)

Список пакетов

Image SLES15-SP3-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-BYOS-EC2-HVM

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-BYOS-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-HPC-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-HPC-BYOS-EC2-HVM

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-HPC-BYOS-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-Micro-5-1-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-Micro-5-1-BYOS-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-Micro-5-2-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-Micro-5-2-BYOS-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-SAP-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-SAP-BYOS-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-SAPCAL-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-SAPCAL-EC2-HVM

wget-1.20.3-150000.3.26.1

Image SLES15-SP3-SAPCAL-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-BYOS

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-BYOS-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-BYOS-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-HPC-BYOS

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-HPC-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-HPC-BYOS-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-HPC-BYOS-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-HPC-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-HPC-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-Hardened-BYOS

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-Hardened-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-Hardened-BYOS-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-Hardened-BYOS-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-Manager-Server-4-3

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-Manager-Server-4-3-Azure-llc

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-Manager-Server-4-3-Azure-ltd

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-Manager-Server-4-3-BYOS

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP-BYOS

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP-BYOS-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP-BYOS-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP-Hardened

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP-Hardened-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP-Hardened-BYOS

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAP-Hardened-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAPCAL

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAPCAL-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAPCAL-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP4-SAPCAL-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Azure-3P

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Azure-Basic

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Azure-Standard

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-BYOS-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-BYOS-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-CHOST-BYOS-Aliyun

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-CHOST-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-CHOST-BYOS-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-CHOST-BYOS-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-CHOST-BYOS-GDC

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-CHOST-BYOS-SAP-CCloud

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-HPC-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-HPC-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-HPC-BYOS-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-HPC-BYOS-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Hardened-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Hardened-BYOS-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Hardened-BYOS-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Manager-Proxy-5-0-BYOS

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Manager-Server-5-0

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Manager-Server-5-0-Azure-llc

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Manager-Server-5-0-Azure-ltd

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Manager-Server-5-0-BYOS

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Manager-Server-5-0-EC2-llc

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Manager-Server-5-0-EC2-ltd

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Micro-5-5

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Micro-5-5-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Micro-5-5-BYOS

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Micro-5-5-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Micro-5-5-BYOS-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-Micro-5-5-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-SAP-Azure-3P

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-SAP-Azure-LI-BYOS

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-SAP-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-SAP-BYOS-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-SAP-BYOS-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-SAP-Hardened-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-SAP-Hardened-GCE

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-SAPCAL-Azure

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-SAPCAL-EC2

wget-1.20.3-150000.3.26.1

Image SLES15-SP5-SAPCAL-GCE

wget-1.20.3-150000.3.26.1

SUSE Linux Enterprise Micro 5.5

wget-1.20.3-150000.3.26.1

SUSE Linux Enterprise Module for Basesystem 15 SP5

wget-1.20.3-150000.3.26.1

openSUSE Leap 15.5

wget-1.20.3-150000.3.26.1

wget-lang-1.20.3-150000.3.26.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20244138-1/
Link for SUSE-SU-2024:4138-1
https://lists.suse.com/pipermail/sle-security-updates/2024-December/019891.html
E-Mail link for SUSE-SU-2024:4138-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1233773
SUSE Bug 1233773
https://www.suse.com/security/cve/CVE-2024-10524/
SUSE CVE CVE-2024-10524 page

Описание

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.

Затронутые продукты

Image SLES15-SP3-BYOS-Azure:wget-1.20.3-150000.3.26.1

Image SLES15-SP3-BYOS-EC2-HVM:wget-1.20.3-150000.3.26.1

Image SLES15-SP3-BYOS-GCE:wget-1.20.3-150000.3.26.1

Image SLES15-SP3-HPC-BYOS-Azure:wget-1.20.3-150000.3.26.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-10524.html
CVE-2024-10524
https://bugzilla.suse.com/1233256
SUSE Bug 1233256
https://bugzilla.suse.com/1233773
SUSE Bug 1233773