Issued:: 2005-09-27
Updated:: 2005-09-27

RHSA-2005:771 - Security Advisory

Overview
Updated Packages

Synopsis

wget security update

Type/Severity

Security Advisory: Low

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated wget package that fixes several security issues is now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Description

GNU Wget is a file retrieval utility that can use either the HTTP or
FTP protocols.

A bug was found in the way wget writes files to the local disk. If a
malicious local user has write access to the directory wget is saving a
file into, it is possible to overwrite files that the user running wget
has write access to. (CAN-2004-2014)

A bug was found in the way wget filters redirection URLs. It is possible
for a malicious Web server to overwrite files the user running wget has
write access to. Note: in order for this attack to succeed the local
DNS would need to resolve ".." to an IP address, which is an unlikely
situation. (CAN-2004-1487)

A bug was found in the way wget displays HTTP response codes. It is
possible that a malicious web server could inject a specially crafted
terminal escape sequence capable of misleading the user running wget.
(CAN-2004-1488)

Users should upgrade to this updated package, which contains a version of
wget that is not vulnerable to these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Server 2 ia64
Red Hat Enterprise Linux Server 2 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Workstation 2 ia64
Red Hat Enterprise Linux Workstation 2 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

BZ - 144214 - CAN-2004-1487 Several wget vulnerabilities (CAN-2004-1488)
BZ - 157498 - CAN-2004-2014 wget symlink race
BZ - 165782 - wget man page incomplete

CVEs

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
x86_64
wget-1.10.1-2.4E.1.x86_64.rpm	SHA-256: 990d1403a7ae6f9f4b632c8f5cdcc5ab0c262e7f6f01d091355ac8684bd74836
wget-1.10.1-2.4E.1.x86_64.rpm	SHA-256: 990d1403a7ae6f9f4b632c8f5cdcc5ab0c262e7f6f01d091355ac8684bd74836
ia64
wget-1.10.1-2.4E.1.ia64.rpm	SHA-256: 5d097cb9c5dd930d347c9d1ecc4c9f8b649d566e8fb313a60b2094fe947213a1
wget-1.10.1-2.4E.1.ia64.rpm	SHA-256: 5d097cb9c5dd930d347c9d1ecc4c9f8b649d566e8fb313a60b2094fe947213a1
i386
wget-1.10.1-2.4E.1.i386.rpm	SHA-256: de7e090604322fb0f4a1e1b1440d6ee4d1f3467e4dec8075c27867c9e3274c0a
wget-1.10.1-2.4E.1.i386.rpm	SHA-256: de7e090604322fb0f4a1e1b1440d6ee4d1f3467e4dec8075c27867c9e3274c0a

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
wget-1.10.1-2.4E.1.x86_64.rpm	SHA-256: 990d1403a7ae6f9f4b632c8f5cdcc5ab0c262e7f6f01d091355ac8684bd74836
ia64
wget-1.10.1-2.4E.1.ia64.rpm	SHA-256: 5d097cb9c5dd930d347c9d1ecc4c9f8b649d566e8fb313a60b2094fe947213a1
i386
wget-1.10.1-2.4E.1.i386.rpm	SHA-256: de7e090604322fb0f4a1e1b1440d6ee4d1f3467e4dec8075c27867c9e3274c0a

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
wget-1.10.1-2.4E.1.x86_64.rpm	SHA-256: 990d1403a7ae6f9f4b632c8f5cdcc5ab0c262e7f6f01d091355ac8684bd74836
i386
wget-1.10.1-2.4E.1.i386.rpm	SHA-256: de7e090604322fb0f4a1e1b1440d6ee4d1f3467e4dec8075c27867c9e3274c0a

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
wget-1.10.1-2.4E.1.s390x.rpm	SHA-256: 62c8d5e65e73e5da501865d39bef3c89a3ec3c51790c13fb48523ff7d19ea869
s390
wget-1.10.1-2.4E.1.s390.rpm	SHA-256: 28271f34d3381f75a0ced441ce7c86b0ae8ea523ce0838bd8e738b601ef1566e

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
wget-1.10.1-2.4E.1.ppc.rpm	SHA-256: a06cb3d78874b1e8d7c0ede9d1b60b335eb9003d467712dd84197da4b998c4e7

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation