MDVSA-2009:206-1
- Package name: wget
- Date: 2009-12-04
- Advisory ID: MDVSA-2009:206-1
- Affected versions: 2008.0 i586, 2008.0 x86_64
Problem description
A vulnerability has been found and corrected in wget:
GNU Wget before 1.12 does not properly handle a '\0' (NUL) character
in a domain name in the Common Name field of an X.509 certificate,
which allows man-in-the-middle remote attackers to spoof arbitrary SSL
servers via a crafted certificate issued by a legitimate Certification
Authority, a related issue to CVE-2009-2408 (CVE-2009-3490).
This update provides a solution to this vulnerability.
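The mismatch behind this issue, as an added C example (not wget's code and not the patch shipped in this update): a Common Name is a length-prefixed ASN.1 string, so comparing it as a C string stops at the first NUL. `struct cn_field` and both function names are hypothetical, the CN values are constructed, and hostnames are assumed to be lowercased already.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a length-prefixed ASN.1 string as a TLS
   library hands it back: len is authoritative, not a NUL terminator. */
struct cn_field {
    const char *data;
    size_t len;
};

/* Flawed pattern: treats the CN as a C string, so the comparison ends at
   the first NUL byte and everything after it is silently ignored. */
int cn_matches_naive(const struct cn_field *cn, const char *host)
{
    return strcmp(cn->data, host) == 0;
}

/* Hardened pattern: reject any CN containing an embedded NUL, then
   compare using the encoded length instead of a terminator. */
int cn_matches_checked(const struct cn_field *cn, const char *host)
{
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;                   /* embedded NUL: refuse the name */
    if (cn->len != strlen(host))
        return 0;                   /* lengths differ: cannot match */
    return memcmp(cn->data, host, cn->len) == 0;
}

/* Constructed sample values, not taken from any real certificate. */
static const char crafted[] = "www.example.com\0.attacker.invalid";
const struct cn_field CRAFTED_CN = { crafted, sizeof crafted - 1 };
const struct cn_field HONEST_CN  = { "www.example.com", 15 };

int main(void)
{
    const char *host = "www.example.com";
    /* Exit status 0 when the naive check accepts the crafted CN and the
       length-aware check rejects it while still accepting the honest CN. */
    return !(cn_matches_naive(&CRAFTED_CN, host) == 1 &&
             cn_matches_checked(&CRAFTED_CN, host) == 0 &&
             cn_matches_checked(&HONEST_CN, host) == 1);
}
```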
Update:
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
Updated packages
2008.0 i586
a4bf5040e83c9a4b6a2178b795ab4c54 2008.0/i586/wget-1.10.2-6.1mdv2008.0.i586.rpm
f15f03d9076965a40fc48384bceda628 2008.0/SRPMS/wget-1.10.2-6.1mdv2008.0.src.rpm
2008.0 x86_64
6284a52aa7dd4d24ef5405326f3992f5 2008.0/x86_64/wget-1.10.2-6.1mdv2008.0.x86_64.rpm
f15f03d9076965a40fc48384bceda628 2008.0/SRPMS/wget-1.10.2-6.1mdv2008.0.src.rpm
