openSUSE-SU-2017:0015-1

Опубликовано: 03 янв. 2017

Источник: suse-cvrf

Описание

Security update for wget

This update for wget fixes the following issues:

Security issues fixed:

CVE-2016-7098: Fixed a potential race condition by creating files with .tmp ext and making them accessible to the current user only. (bsc#995964)

Non security issues fixed:

bsc#1005091: Don't call xfree() on string returned by usr_error()
bsc#1012677: Add support for enforcing TLSv1.1 and TLSv1.2 (TLS 1.2 support was already present, but it was not enforcable).

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.1

wget-1.14-6.1

openSUSE Leap 42.2

wget-1.14-6.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-01/msg00007.html
E-Mail link for openSUSE-SU-2017:0015-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.

Затронутые продукты

openSUSE Leap 42.1:wget-1.14-6.1

openSUSE Leap 42.2:wget-1.14-6.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-7098.html
CVE-2016-7098
https://bugzilla.suse.com/995964
SUSE Bug 995964

openSUSE-SU-2017:0015-1

Описание

Список пакетов

openSUSE Leap 42.1

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2016-7098

Описание

Затронутые продукты

Ссылки