Package name
wget
Date
2009-12-04
Advisory ID
MDVSA-2009:206-1
Affected versions
2008.0 i586 , 2008.0 x86_64

Problem description

A vulnerability has been found and corrected in wget:

GNU Wget before 1.12 does not properly handle a '\0' (NUL) character
in a domain name in the Common Name field of an X.509 certificate,
which allows man-in-the-middle remote attackers to spoof arbitrary SSL
servers via a crafted certificate issued by a legitimate Certification
Authority, a related issue to CVE-2009-2408 (CVE-2009-3490).

This update provides a solution to this vulnerability.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 a4bf5040e83c9a4b6a2178b795ab4c54  2008.0/i586/wget-1.10.2-6.1mdv2008.0.i586.rpm 
 f15f03d9076965a40fc48384bceda628  2008.0/SRPMS/wget-1.10.2-6.1mdv2008.0.src.rpm

2008.0 x86_64

 6284a52aa7dd4d24ef5405326f3992f5  2008.0/x86_64/wget-1.10.2-6.1mdv2008.0.x86_64.rpm 
 f15f03d9076965a40fc48384bceda628  2008.0/SRPMS/wget-1.10.2-6.1mdv2008.0.src.rpm

References