Support / Sécurité / Annonces de sécurité / Mandriva Enterprise Server 5 / MDVSA-2009:206

Nom du paquet: wget
Date: 2009-08-18
Advisory ID: MDVSA-2009:206
Affected versions: 2009.0 x86_64 , MES5 i586 , 2009.1 i586 , 2009.0 i586 , 2008.1 i586 , CS4.0 i586 , CS4.0 x86_64 , 2008.1 x86_64 , 2009.1 x86_64 , MES5 x86_64

Problem description

A vulnerability has been found and corrected in wget:

GNU Wget before 1.12 does not properly handle a '\0' (NUL) character
in a domain name in the Common Name field of an X.509 certificate,
which allows man-in-the-middle remote attackers to spoof arbitrary SSL
servers via a crafted certificate issued by a legitimate Certification
Authority, a related issue to CVE-2009-2408 (CVE-2009-3490).

This update provides a solution to this vulnerability.

Updated packages

2009.0 x86_64

 4c3aa5dc0ff825c091f33a90e6413b18  2009.0/x86_64/wget-1.11.4-1.1mdv2009.0.x86_64.rpm 
 6790666e7840374f76f5713042791800  2009.0/SRPMS/wget-1.11.4-1.1mdv2009.0.src.rpm

MES5 i586

 9f5a3d71664dc57fb26aebbc19c59fcb  mes5/i586/wget-1.11.4-1.1mdvmes5.i586.rpm 
 f3aa17085ae5049ee3a5bf05e3119c43  mes5/SRPMS/wget-1.11.4-1.1mdvmes5.src.rpm

2009.1 i586

 22ac17fb90755905810e06ba331aa3f0  2009.1/i586/wget-1.11.4-2.1mdv2009.1.i586.rpm 
 e1cb10f372e5f447c66122cb7e21d838  2009.1/SRPMS/wget-1.11.4-2.1mdv2009.1.src.rpm

2009.0 i586

 bede85ae45fadf868872897da49055c2  2009.0/i586/wget-1.11.4-1.1mdv2009.0.i586.rpm 
 6790666e7840374f76f5713042791800  2009.0/SRPMS/wget-1.11.4-1.1mdv2009.0.src.rpm

2008.1 i586

 ea12db02d04adc9fa0b29e7236bc0aff  2008.1/i586/wget-1.11-1.1mdv2008.1.i586.rpm 
 4bb0f6cea935f1898b16138a9184532d  2008.1/SRPMS/wget-1.11-1.1mdv2008.1.src.rpm

CS4.0 i586

 968c766ddae497261b5771809aadd05c  corporate/4.0/i586/wget-1.10-1.3.20060mlcs4.i586.rpm 
 d68c51e4d12cc46284e74bcb3a49d2b3  corporate/4.0/SRPMS/wget-1.10-1.3.20060mlcs4.src.rpm

CS4.0 x86_64

 b22218a9f0e8d00eba91282955c8ff13  corporate/4.0/x86_64/wget-1.10-1.3.20060mlcs4.x86_64.rpm 
 d68c51e4d12cc46284e74bcb3a49d2b3  corporate/4.0/SRPMS/wget-1.10-1.3.20060mlcs4.src.rpm

2008.1 x86_64

 b5d0178dafabf50dd69b65640794b343  2008.1/x86_64/wget-1.11-1.1mdv2008.1.x86_64.rpm 
 4bb0f6cea935f1898b16138a9184532d  2008.1/SRPMS/wget-1.11-1.1mdv2008.1.src.rpm

2009.1 x86_64

 ed2db26279ff964b66dab3d1c8131b24  2009.1/x86_64/wget-1.11.4-2.1mdv2009.1.x86_64.rpm 
 e1cb10f372e5f447c66122cb7e21d838  2009.1/SRPMS/wget-1.11.4-2.1mdv2009.1.src.rpm

MES5 x86_64

 3a8dc29a12c1059182edbd8d732bc9df  mes5/x86_64/wget-1.11.4-1.1mdvmes5.x86_64.rpm 
 f3aa17085ae5049ee3a5bf05e3119c43  mes5/SRPMS/wget-1.11.4-1.1mdvmes5.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3490