Mandriva

Package name wget Date June 9th, 2005 Advisory ID MDKSA-2005:098 Affected versions 10.0, 10.1, CS2.1, CS3.0, 10.2 Synopsis Updated wget packages fix vulnerabilities

Problem Description

Two vulnerabilities were found in wget. The first is that an HTTP
redirect statement could be used to do a directory traversal and
write to files outside of the current directory. The second is that
HTTP redirect statements could be used to overwrite dot ('.') files,
potentially overwriting the user's configuration files (such as
.bashrc, etc.).

The updated packages have been patched to help address these problems
by replacing dangerous directories and filenames containing the dot ('.')
character with an underscore ('_') character.

Updated Packages

Mandrakelinux 10.0

 e61a21190da94a75eaaf083eb894dd3e  10.0/RPMS/wget-1.9.1-4.1.100mdk.i586.rpm
368f43f3ff9dbbe4502e84a38bac5786  10.0/SRPMS/wget-1.9.1-4.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64

 cf379f576b75dee53b747897bfe89c03  amd64/10.0/RPMS/wget-1.9.1-4.1.100mdk.amd64.rpm
368f43f3ff9dbbe4502e84a38bac5786  amd64/10.0/SRPMS/wget-1.9.1-4.1.100mdk.src.rpm

Mandrakelinux 10.1

 d182df118b7e9ade64b77983dff47fc4  10.1/RPMS/wget-1.9.1-4.2.101mdk.i586.rpm
91f8cbb93a4453a68c13bd12620e3e4e  10.1/SRPMS/wget-1.9.1-4.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 64827a4a355d106a477cb4b5bcf882cb  x86_64/10.1/RPMS/wget-1.9.1-4.2.101mdk.x86_64.rpm
91f8cbb93a4453a68c13bd12620e3e4e  x86_64/10.1/SRPMS/wget-1.9.1-4.2.101mdk.src.rpm

Corporate Server 2.1

 e058c63a097aadc247458e54e092c03a  corporate/2.1/RPMS/wget-1.8.2-3.2.C21mdk.i586.rpm
f45e8a97e6d535fc27d0053813959145  corporate/2.1/SRPMS/wget-1.8.2-3.2.C21mdk.src.rpm

Corporate Server 2.1/X86_64

 89ae60b0b75411c6abb5774795f09af0  x86_64/corporate/2.1/RPMS/wget-1.8.2-3.2.C21mdk.x86_64.rpm
f45e8a97e6d535fc27d0053813959145  x86_64/corporate/2.1/SRPMS/wget-1.8.2-3.2.C21mdk.src.rpm

Corporate Server 3.0

 bcf947efa32f9ce531077faf5e470e98  corporate/3.0/RPMS/wget-1.9.1-4.2.C30mdk.i586.rpm
ab34a60ca4ebf44d2e02988e19df5929  corporate/3.0/SRPMS/wget-1.9.1-4.2.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 66190c6d61c180ec8a3bc8592ca55da6  x86_64/corporate/3.0/RPMS/wget-1.9.1-4.2.C30mdk.x86_64.rpm
ab34a60ca4ebf44d2e02988e19df5929  x86_64/corporate/3.0/SRPMS/wget-1.9.1-4.2.C30mdk.src.rpm

Mandriva Linux LE2005

 99aa2d3e18afa3e7ef1d3b746b70e431  10.2/RPMS/wget-1.9.1-5.1.102mdk.i586.rpm
fdf0fdde2c0d220c7b9cf755c3a28a98  10.2/SRPMS/wget-1.9.1-5.1.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 d6793d9ab06478949aa9bb75aa216138  x86_64/10.2/RPMS/wget-1.9.1-5.1.102mdk.x86_64.rpm
fdf0fdde2c0d220c7b9cf755c3a28a98  x86_64/10.2/SRPMS/wget-1.9.1-5.1.102mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1488

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm
                

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.