openSUSE-SU-2019:0057-1

Опубликовано: 23 мар. 2019

Источник: suse-cvrf

Описание

Security update for wget

This update for wget fixes the following issues:

Security issue fixed:

CVE-2018-20483: Fixed an information disclosure through file metadata (bsc#1120382)

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

wget-1.19.5-lp150.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VQB3VGM73MWXA3OQFWL4UK2Z2IBTZMIT/#VQB3VGM73MWXA3OQFWL4UK2Z2IBTZMIT
E-Mail link for openSUSE-SU-2019:0057-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1120382
SUSE Bug 1120382
https://www.suse.com/security/cve/CVE-2018-20483/
SUSE CVE CVE-2018-20483 page

Описание

set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.

Затронутые продукты

openSUSE Leap 15.0:wget-1.19.5-lp150.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-20483.html
CVE-2018-20483
https://bugzilla.suse.com/1120382
SUSE Bug 1120382

openSUSE-SU-2019:0057-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2018-20483

Описание

Затронутые продукты

Ссылки