Home > Security > Advisories

Advisories

Mandriva Advisories

Package name wget
Date January 15th, 2007
Advisory ID MDKSA-2007:017
Affected versions CS3.0, MNF2.0, 2006.0, 2007.0, CS4.0
Synopsis Updated wget packages fix ftp vulnerability

Problem Description

The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF)
GNU wget 1.10.2 allows remote attackers to cause a denial of service
(application crash) via a malicious FTP server with a large number of
blank 220 responses to the SYST command.

The updated packages have been patched to correct this problem.

Updated Packages

Corporate Server 3.0

 485d33aa6d44eedd9ae0fa41e6e1159d  corporate/3.0/i586/wget-1.9.1-4.4.C30mdk.i586.rpm 
 6765dc9c586b7520a87e619095475a9b  corporate/3.0/SRPMS/wget-1.9.1-4.4.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 4c64e7dfc485a04c4fd38d6f492d7e34  corporate/3.0/x86_64/wget-1.9.1-4.4.C30mdk.x86_64.rpm 
 6765dc9c586b7520a87e619095475a9b  corporate/3.0/SRPMS/wget-1.9.1-4.4.C30mdk.src.rpm

Multi Network Firewall 2.0

 31945b27c8a8777a7c2c55bbf12eff73  mnf/2.0/i586/wget-1.9.1-4.4.M20mdk.i586.rpm 
 6c94e26ee057c849a1a4f01b6777f818  mnf/2.0/SRPMS/wget-1.9.1-4.4.M20mdk.src.rpm

Mandriva Linux 2006

 8f5fbe5fa003b203c5be4f65c72eafef  2006.0/i586/wget-1.10-1.2.20060mdk.i586.rpm 
 7bbe865186503532dc5fa194240167c0  2006.0/SRPMS/wget-1.10-1.2.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 a70b537b39d5397cb142b20bba55b6f5  2006.0/x86_64/wget-1.10-1.2.20060mdk.x86_64.rpm 
 7bbe865186503532dc5fa194240167c0  2006.0/SRPMS/wget-1.10-1.2.20060mdk.src.rpm

Mandriva Linux 2007

 c6331e96c0180a6fb364c4dd0d824bad  2007.0/i586/wget-1.10.2-3.1mdv2007.0.i586.rpm 
 53d0cfe5e83b5126d89963611dbe0196  2007.0/SRPMS/wget-1.10.2-3.1mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 b7826d019cb0bd54c8f59007566db782  2007.0/x86_64/wget-1.10.2-3.1mdv2007.0.x86_64.rpm 
 53d0cfe5e83b5126d89963611dbe0196  2007.0/SRPMS/wget-1.10.2-3.1mdv2007.0.src.rpm

Corporate Server 4.0

 8050181ba71182203403e7d3b12b7922  corporate/4.0/i586/wget-1.10-1.2.20060mlcs4.i586.rpm 
 730e722809170908e017844728f87c86  corporate/4.0/SRPMS/wget-1.10-1.2.20060mlcs4.src.rpm

Corporate Server 4.0/X86_64

 0be58a7ab8d999489b311fa12bf2e5d4  corporate/4.0/x86_64/wget-1.10-1.2.20060mlcs4.x86_64.rpm 
 730e722809170908e017844728f87c86  corporate/4.0/SRPMS/wget-1.10-1.2.20060mlcs4.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6719

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.