Red Hat Product Errata RHSA-2009:1549 - Security Advisory

Issued:: 2009-11-03
Updated:: 2009-11-03

RHSA-2009:1549 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: wget security update

Type/Severity

Security Advisory: Moderate

Topic

An updated wget package that fixes a security issue is now available for
Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

GNU Wget is a file retrieval utility that can use HTTP, HTTPS, and FTP.

Daniel Stenberg reported that Wget is affected by the previously published
"null prefix attack", caused by incorrect handling of NULL characters in
X.509 certificates. If an attacker is able to get a carefully-crafted
certificate signed by a trusted Certificate Authority, the attacker could
use the certificate during a man-in-the-middle attack and potentially
confuse Wget into accepting it by mistake. (CVE-2009-3490)

Wget users should upgrade to this updated package, which contains a
backported patch to correct this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.4 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 520454 - CVE-2009-3490 wget: incorrect verification of SSL certificate with NUL in name

CVEs

CVE-2009-3490

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
wget-1.11.4-2.el5_4.1.src.rpm	SHA-256: bfc8835f4d4336fa930e7cca2a2f01117f95ddbbbdc78f49cc69e16007caebb7
x86_64
wget-1.11.4-2.el5_4.1.x86_64.rpm	SHA-256: 5d0db0229a3b90ff64e7833596f3cd18e1387ac36c6319805bd923213bd97051
ia64
wget-1.11.4-2.el5_4.1.ia64.rpm	SHA-256: 938e8a6f287d13ee199e39135525046bc37c89bb472c1928286ffc78c4b71196
i386
wget-1.11.4-2.el5_4.1.i386.rpm	SHA-256: 9007a04dcd161291d87f9a96a15050ee73f8edf46aba92105fa8d539274f6b44

Red Hat Enterprise Linux Server 4

SRPM
wget-1.10.2-1.el4_8.1.src.rpm	SHA-256: a8da52f20e38333074ede5833b494d5fab714881be5b75697d7f6170458d1fba
x86_64
wget-1.10.2-1.el4_8.1.x86_64.rpm	SHA-256: 0b9cdfd780a36c6288ae4159eea8cba727642f10e2f4123857d6939631162e60
wget-1.10.2-1.el4_8.1.x86_64.rpm	SHA-256: 0b9cdfd780a36c6288ae4159eea8cba727642f10e2f4123857d6939631162e60
ia64
wget-1.10.2-1.el4_8.1.ia64.rpm	SHA-256: 0b256eca863e3aae769f7a30bcbcda16863b0cd12f49e647611cb53f3ec12bc2
wget-1.10.2-1.el4_8.1.ia64.rpm	SHA-256: 0b256eca863e3aae769f7a30bcbcda16863b0cd12f49e647611cb53f3ec12bc2
i386
wget-1.10.2-1.el4_8.1.i386.rpm	SHA-256: 965af43343d82cb7707579ab56d09f1a127fd49dbf0b1736cc5c119c6925e1c5
wget-1.10.2-1.el4_8.1.i386.rpm	SHA-256: 965af43343d82cb7707579ab56d09f1a127fd49dbf0b1736cc5c119c6925e1c5

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8

SRPM
wget-1.10.2-1.el4_8.1.src.rpm	SHA-256: a8da52f20e38333074ede5833b494d5fab714881be5b75697d7f6170458d1fba
x86_64
wget-1.10.2-1.el4_8.1.x86_64.rpm	SHA-256: 0b9cdfd780a36c6288ae4159eea8cba727642f10e2f4123857d6939631162e60
wget-1.10.2-1.el4_8.1.x86_64.rpm	SHA-256: 0b9cdfd780a36c6288ae4159eea8cba727642f10e2f4123857d6939631162e60
ia64
wget-1.10.2-1.el4_8.1.ia64.rpm	SHA-256: 0b256eca863e3aae769f7a30bcbcda16863b0cd12f49e647611cb53f3ec12bc2
wget-1.10.2-1.el4_8.1.ia64.rpm	SHA-256: 0b256eca863e3aae769f7a30bcbcda16863b0cd12f49e647611cb53f3ec12bc2
i386
wget-1.10.2-1.el4_8.1.i386.rpm	SHA-256: 965af43343d82cb7707579ab56d09f1a127fd49dbf0b1736cc5c119c6925e1c5
wget-1.10.2-1.el4_8.1.i386.rpm	SHA-256: 965af43343d82cb7707579ab56d09f1a127fd49dbf0b1736cc5c119c6925e1c5

Red Hat Enterprise Linux Workstation 5

SRPM
wget-1.11.4-2.el5_4.1.src.rpm	SHA-256: bfc8835f4d4336fa930e7cca2a2f01117f95ddbbbdc78f49cc69e16007caebb7
x86_64
wget-1.11.4-2.el5_4.1.x86_64.rpm	SHA-256: 5d0db0229a3b90ff64e7833596f3cd18e1387ac36c6319805bd923213bd97051
i386
wget-1.11.4-2.el5_4.1.i386.rpm	SHA-256: 9007a04dcd161291d87f9a96a15050ee73f8edf46aba92105fa8d539274f6b44

Red Hat Enterprise Linux Workstation 4

SRPM
wget-1.10.2-1.el4_8.1.src.rpm	SHA-256: a8da52f20e38333074ede5833b494d5fab714881be5b75697d7f6170458d1fba
x86_64
wget-1.10.2-1.el4_8.1.x86_64.rpm	SHA-256: 0b9cdfd780a36c6288ae4159eea8cba727642f10e2f4123857d6939631162e60
ia64
wget-1.10.2-1.el4_8.1.ia64.rpm	SHA-256: 0b256eca863e3aae769f7a30bcbcda16863b0cd12f49e647611cb53f3ec12bc2
i386
wget-1.10.2-1.el4_8.1.i386.rpm	SHA-256: 965af43343d82cb7707579ab56d09f1a127fd49dbf0b1736cc5c119c6925e1c5

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Desktop 5

SRPM
wget-1.11.4-2.el5_4.1.src.rpm	SHA-256: bfc8835f4d4336fa930e7cca2a2f01117f95ddbbbdc78f49cc69e16007caebb7
x86_64
wget-1.11.4-2.el5_4.1.x86_64.rpm	SHA-256: 5d0db0229a3b90ff64e7833596f3cd18e1387ac36c6319805bd923213bd97051
i386
wget-1.11.4-2.el5_4.1.i386.rpm	SHA-256: 9007a04dcd161291d87f9a96a15050ee73f8edf46aba92105fa8d539274f6b44

Red Hat Enterprise Linux Desktop 4

SRPM
wget-1.10.2-1.el4_8.1.src.rpm	SHA-256: a8da52f20e38333074ede5833b494d5fab714881be5b75697d7f6170458d1fba
x86_64
wget-1.10.2-1.el4_8.1.x86_64.rpm	SHA-256: 0b9cdfd780a36c6288ae4159eea8cba727642f10e2f4123857d6939631162e60
i386
wget-1.10.2-1.el4_8.1.i386.rpm	SHA-256: 965af43343d82cb7707579ab56d09f1a127fd49dbf0b1736cc5c119c6925e1c5

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
wget-1.11.4-2.el5_4.1.src.rpm	SHA-256: bfc8835f4d4336fa930e7cca2a2f01117f95ddbbbdc78f49cc69e16007caebb7
s390x
wget-1.11.4-2.el5_4.1.s390x.rpm	SHA-256: d67701b5e8d79fb22e4d19cfef0afbb56b4cd37cc581f0d000ebcfb762c2172e

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
wget-1.10.2-1.el4_8.1.src.rpm	SHA-256: a8da52f20e38333074ede5833b494d5fab714881be5b75697d7f6170458d1fba
s390x
wget-1.10.2-1.el4_8.1.s390x.rpm	SHA-256: a2e6cb3027331de46b55bbee7e4c44bd80cafa66c504c620c98d3d677ef1d4b9
s390
wget-1.10.2-1.el4_8.1.s390.rpm	SHA-256: 10990f526f8193662aea49262fc6c313c5742c6b54be445f4433f15e7e20043c

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.4

SRPM
s390x

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8

SRPM
wget-1.10.2-1.el4_8.1.src.rpm	SHA-256: a8da52f20e38333074ede5833b494d5fab714881be5b75697d7f6170458d1fba
s390x
wget-1.10.2-1.el4_8.1.s390x.rpm	SHA-256: a2e6cb3027331de46b55bbee7e4c44bd80cafa66c504c620c98d3d677ef1d4b9
s390
wget-1.10.2-1.el4_8.1.s390.rpm	SHA-256: 10990f526f8193662aea49262fc6c313c5742c6b54be445f4433f15e7e20043c

Red Hat Enterprise Linux for Power, big endian 5

SRPM
wget-1.11.4-2.el5_4.1.src.rpm	SHA-256: bfc8835f4d4336fa930e7cca2a2f01117f95ddbbbdc78f49cc69e16007caebb7
ppc
wget-1.11.4-2.el5_4.1.ppc.rpm	SHA-256: 3a7267967685cddf6da87295a37ce8e19590f7db5ce4534672051980cb682efe

Red Hat Enterprise Linux for Power, big endian 4

SRPM
wget-1.10.2-1.el4_8.1.src.rpm	SHA-256: a8da52f20e38333074ede5833b494d5fab714881be5b75697d7f6170458d1fba
ppc
wget-1.10.2-1.el4_8.1.ppc.rpm	SHA-256: 8519866614ca008f3bf51bf14cb6f886bdb3c0ecc8d0a379c9b8eb5691cd16f4

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.4

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8

SRPM
wget-1.10.2-1.el4_8.1.src.rpm	SHA-256: a8da52f20e38333074ede5833b494d5fab714881be5b75697d7f6170458d1fba
ppc
wget-1.10.2-1.el4_8.1.ppc.rpm	SHA-256: 8519866614ca008f3bf51bf14cb6f886bdb3c0ecc8d0a379c9b8eb5691cd16f4

Red Hat Enterprise Linux Server from RHUI 5

SRPM
wget-1.11.4-2.el5_4.1.src.rpm	SHA-256: bfc8835f4d4336fa930e7cca2a2f01117f95ddbbbdc78f49cc69e16007caebb7
x86_64
wget-1.11.4-2.el5_4.1.x86_64.rpm	SHA-256: 5d0db0229a3b90ff64e7833596f3cd18e1387ac36c6319805bd923213bd97051
i386
wget-1.11.4-2.el5_4.1.i386.rpm	SHA-256: 9007a04dcd161291d87f9a96a15050ee73f8edf46aba92105fa8d539274f6b44

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.