Issued:: 2005-11-02
Updated:: 2005-11-02

RHSA-2005:812 - Security Advisory

Overview
Updated Packages

Synopsis

wget security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated wget packages that fix a security issue are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

GNU Wget is a file retrieval utility that can use either the HTTP or
FTP protocols.

A stack based buffer overflow bug was found in the wget implementation of
NTLM authentication. An attacker could execute arbitrary code on a user's
machine if the user can be tricked into connecting to a malicious web
server using NTLM authentication. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2005-3185 to this issue.

All users of wget are advised to upgrade to these updated packages, which
contain a backported patch that resolves this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Server 2 ia64
Red Hat Enterprise Linux Server 2 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Workstation 2 ia64
Red Hat Enterprise Linux Workstation 2 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

BZ - 170666 - CVE-2005-3185 NTLM buffer overflow

CVEs

CVE-2005-3185

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
x86_64
wget-1.10.2-0.40E.x86_64.rpm	SHA-256: e46253e88b40b5a1cfec5f3322c741b05016332eee11157aa1aafee0c0661b51
wget-1.10.2-0.40E.x86_64.rpm	SHA-256: e46253e88b40b5a1cfec5f3322c741b05016332eee11157aa1aafee0c0661b51
ia64
wget-1.10.2-0.40E.ia64.rpm	SHA-256: 6babccac75f95bea2d04d7db1860509689cce63ddcfd88794d45db51ff74b9aa
wget-1.10.2-0.40E.ia64.rpm	SHA-256: 6babccac75f95bea2d04d7db1860509689cce63ddcfd88794d45db51ff74b9aa
i386
wget-1.10.2-0.40E.i386.rpm	SHA-256: 0247c4dd0e34cb44ba00ef45c42d2f1f5dc72c3be170cd20d35ace7676313433
wget-1.10.2-0.40E.i386.rpm	SHA-256: 0247c4dd0e34cb44ba00ef45c42d2f1f5dc72c3be170cd20d35ace7676313433

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
wget-1.10.2-0.40E.x86_64.rpm	SHA-256: e46253e88b40b5a1cfec5f3322c741b05016332eee11157aa1aafee0c0661b51
ia64
wget-1.10.2-0.40E.ia64.rpm	SHA-256: 6babccac75f95bea2d04d7db1860509689cce63ddcfd88794d45db51ff74b9aa
i386
wget-1.10.2-0.40E.i386.rpm	SHA-256: 0247c4dd0e34cb44ba00ef45c42d2f1f5dc72c3be170cd20d35ace7676313433

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
wget-1.10.2-0.40E.x86_64.rpm	SHA-256: e46253e88b40b5a1cfec5f3322c741b05016332eee11157aa1aafee0c0661b51
i386
wget-1.10.2-0.40E.i386.rpm	SHA-256: 0247c4dd0e34cb44ba00ef45c42d2f1f5dc72c3be170cd20d35ace7676313433

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
wget-1.10.2-0.40E.s390x.rpm	SHA-256: 26e0d554f5deff01b9b893884832d95e6962baf1c9a8ee86cadc9cee09eba9b2
s390
wget-1.10.2-0.40E.s390.rpm	SHA-256: d23d2814a845d54d37add86e347734b55b38f10a1e30d18a1324ae0df2d6146a

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
wget-1.10.2-0.40E.ppc.rpm	SHA-256: e2cd1239bd474bbe194cc89330c1343eb0cb575caf6fa2a974df0c2f1318c422

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation