MDVSA-2010:170
- Package name: wget
- Date: 2010-09-02
- Advisory ID: MDVSA-2010:170
- Affected versions: 2009.0 x86_64, MES5 i586, 2010.1 i586, 2010.0 x86_64, 2010.0 i586, 2009.1 i586, 2009.0 i586, CS4.0 i586, 2008.0 x86_64, CS4.0 x86_64, 2008.0 i586, 2009.1 x86_64, MES5 x86_64, 2010.1 x86_64
Problem description
A vulnerability has been found and corrected in wget:
GNU Wget 1.12 and earlier uses a server-provided filename instead of
the original URL to determine the destination filename of a download,
which allows remote servers to create or overwrite arbitrary files
via a 3xx redirect to a URL with a .wgetrc filename followed by a
3xx redirect to a URL with a crafted filename, and possibly execute
arbitrary code as a consequence of writing to a dotfile in a home
directory (CVE-2010-2252).
Packages for 2008.0 and 2009.0 are provided as part of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
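The naming rule at issue, shown as an added example that is not part of the advisory or of wget's source: the local file name is derived from the URL the user requested, and redirect targets are inspected only to flag name changes and dotfile names. The function names, hosts and redirect chain are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

def local_name(url, default="index.html"):
    """File name implied by the last path segment of url (query ignored)."""
    raw = urlsplit(url).path.rsplit("/", 1)[-1]
    name = unquote(raw)
    # Reject empty names, directory references and decoded path separators
    # (e.g. "..%2F.bashrc"), which must never reach the filesystem.
    if name in ("", ".", "..") or any(c in name for c in "/\\\x00"):
        return default
    return name

def plan_download(original_url, redirects):
    """Return (safe_name, server_name, findings) for a redirect chain.

    safe_name   -- derived from the URL the user requested
    server_name -- what naming after the final redirect target would give
    findings    -- reasons the redirect chain deserves attention
    """
    safe_name = local_name(original_url)
    final_url = redirects[-1] if redirects else original_url
    server_name = local_name(final_url)
    findings = []
    if server_name != safe_name:
        findings.append(f"redirect renames {safe_name!r} to {server_name!r}")
    for hop in redirects:
        hop_name = local_name(hop)
        if hop_name.startswith("."):
            findings.append(f"redirect targets dotfile {hop_name!r} at {hop}")
    return safe_name, server_name, findings

# Constructed sample: hosts, paths and the chain are illustrative only.
ORIGINAL = "http://mirror.example/pub/tool-1.0.tar.gz"
CHAIN = [
    "http://cdn.example/files/.wgetrc",
    "http://cdn.example/files/other-name.bin",
]

if __name__ == "__main__":
    safe, server, findings = plan_download(ORIGINAL, CHAIN)
    print("write to:", safe)
    for f in findings:
        print("flag:", f)
```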
Updated packages
2009.0 x86_64
a4085e07b09d67b8f295584ab35ddfbc 2009.0/x86_64/wget-1.11.4-1.2mdv2009.0.x86_64.rpm cdf5a30faa17484a2866837e08b3550f 2009.0/SRPMS/wget-1.11.4-1.2mdv2009.0.src.rpm
MES5 i586
c079b55002ddd85953d889e8636f69e0 mes5/i586/wget-1.11.4-1.2mdvmes5.1.i586.rpm d5b1e38ec6dc55ff0edfb9d07ff4551b mes5/SRPMS/wget-1.11.4-1.2mdv2009.0.src.rpm 3d8118d89968bc2fd0fe68455362494a mes5/SRPMS/wget-1.11.4-1.2mdvmes5.1.src.rpm
2010.1 i586
b670d7af035db4c61a1dc925bd2586cf 2010.1/i586/wget-1.12-4.1mdv2010.1.i586.rpm d237c820d5bd93b560c0c370bf645607 2010.1/SRPMS/wget-1.12-4.1mdv2010.1.src.rpm
2010.0 x86_64
02ec17f7b8fe8d4b32d0ecd1578e8e9f 2010.0/x86_64/wget-1.12-1.1mdv2010.0.x86_64.rpm b907b039a3103699de15cfc8e4dd895b 2010.0/SRPMS/wget-1.12-1.1mdv2010.0.src.rpm
2010.0 i586
798c72df6dcbba66b6a8a84ed39da2f8 2010.0/i586/wget-1.12-1.1mdv2010.0.i586.rpm b907b039a3103699de15cfc8e4dd895b 2010.0/SRPMS/wget-1.12-1.1mdv2010.0.src.rpm
2009.1 i586
d3d6016f347ac5d7b01edbb7b6c5cd5f 2009.1/i586/wget-1.11.4-2.2mdv2009.1.i586.rpm 9d8270a9b8de5d56f44a44c93e8011ed 2009.1/SRPMS/wget-1.11.4-2.2mdv2009.1.src.rpm
2009.0 i586
355096fbe1677276227ea873583693b0 2009.0/i586/wget-1.11.4-1.2mdv2009.0.i586.rpm cdf5a30faa17484a2866837e08b3550f 2009.0/SRPMS/wget-1.11.4-1.2mdv2009.0.src.rpm
CS4.0 i586
de7e81f0336ff2366876ae2ff334c03a corporate/4.0/i586/wget-1.10-1.4.20060mlcs4.i586.rpm 1e64e31099b37e35e23b6aa64c6618fe corporate/4.0/SRPMS/wget-1.10-1.4.20060mlcs4.src.rpm
2008.0 x86_64
befd1e73b9ffd3d01d75e7bc9bc63bcc 2008.0/x86_64/wget-1.10.2-6.2mdv2008.0.x86_64.rpm 21dd2f19ceeb8b36ab09963eda907d0b 2008.0/SRPMS/wget-1.10.2-6.2mdv2008.0.src.rpm
CS4.0 x86_64
38bc352a335d0ab431b76c6889b020ec corporate/4.0/x86_64/wget-1.10-1.4.20060mlcs4.x86_64.rpm 1e64e31099b37e35e23b6aa64c6618fe corporate/4.0/SRPMS/wget-1.10-1.4.20060mlcs4.src.rpm
2008.0 i586
2f1452708ed6febe407e1c116158bd53 2008.0/i586/wget-1.10.2-6.2mdv2008.0.i586.rpm 21dd2f19ceeb8b36ab09963eda907d0b 2008.0/SRPMS/wget-1.10.2-6.2mdv2008.0.src.rpm
2009.1 x86_64
940dd4720eb792e825dfa68997df35be 2009.1/x86_64/wget-1.11.4-2.2mdv2009.1.x86_64.rpm 9d8270a9b8de5d56f44a44c93e8011ed 2009.1/SRPMS/wget-1.11.4-2.2mdv2009.1.src.rpm
MES5 x86_64
63c67375cbc4539a081d7563bd7ddb79 mes5/x86_64/wget-1.11.4-1.2mdvmes5.1.x86_64.rpm d5b1e38ec6dc55ff0edfb9d07ff4551b mes5/SRPMS/wget-1.11.4-1.2mdv2009.0.src.rpm 3d8118d89968bc2fd0fe68455362494a mes5/SRPMS/wget-1.11.4-1.2mdvmes5.1.src.rpm
2010.1 x86_64
1d4e7f9d9fd44937207e1f9905ac2d99 2010.1/x86_64/wget-1.12-4.1mdv2010.1.x86_64.rpm d237c820d5bd93b560c0c370bf645607 2010.1/SRPMS/wget-1.12-4.1mdv2010.1.src.rpm
