Package name
wget
Date
2010-09-02
Advisory ID
MDVSA-2010:170
Affected versions
2009.0 x86_64, MES5 i586, 2010.1 i586, 2010.0 x86_64, 2010.0 i586, 2009.1 i586, 2009.0 i586, CS4.0 i586, 2008.0 x86_64, CS4.0 x86_64, 2008.0 i586, 2009.1 x86_64, MES5 x86_64, 2010.1 x86_64

Problem description

A vulnerability has been found and corrected in wget:

GNU Wget 1.12 and earlier uses a server-provided filename instead of
the original URL to determine the destination filename of a download,
which allows remote servers to create or overwrite arbitrary files
via a 3xx redirect to a URL with a .wgetrc filename followed by a
3xx redirect to a URL with a crafted filename, and possibly execute
arbitrary code as a consequence of writing to a dotfile in a home
directory (CVE-2010-2252).

Packages for 2008.0 and 2009.0 are provided as part of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
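
The filename handling described above, as an added example that is not wget's code or part of the original advisory: it contrasts naming a download after the last redirect target with naming it after the requested URL, and adds a check that flags redirects which would rename the file. All function names and the example.* URLs are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed sample: the URL the user requested, then the Location target
# returned by the server in a 3xx response.
CONSTRUCTED_CHAIN = [
    "http://mirror.example/pkg/tool-1.0.tar.gz",
    "http://cdn.example/files/.wgetrc",
]

def name_from_url(url, default="index.html"):
    """Return the percent-decoded last path segment of url, or default."""
    name = posixpath.basename(unquote(urlsplit(url).path))
    return name or default

def server_chosen_name(chain):
    """Flawed behaviour from the advisory: the last redirect picks the name."""
    return name_from_url(chain[-1])

def requested_name(chain):
    """Hardened behaviour: only the originally requested URL picks the name."""
    name = name_from_url(chain[0])
    # Defence in depth: never write a dotfile or a name holding a separator.
    if name.startswith(".") or any(c in name for c in "/\\\x00"):
        raise ValueError(f"refusing unsafe destination name: {name!r}")
    return name

def redirect_renames_download(chain):
    """True when following redirects would change the destination filename."""
    return server_chosen_name(chain) != name_from_url(chain[0])

if __name__ == "__main__":
    print("server-chosen:", server_chosen_name(CONSTRUCTED_CHAIN))
    print("requested:    ", requested_name(CONSTRUCTED_CHAIN))
    print("renamed by redirect:", redirect_renames_download(CONSTRUCTED_CHAIN))
```
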

Updated packages

2009.0 x86_64

 a4085e07b09d67b8f295584ab35ddfbc  2009.0/x86_64/wget-1.11.4-1.2mdv2009.0.x86_64.rpm 
 cdf5a30faa17484a2866837e08b3550f  2009.0/SRPMS/wget-1.11.4-1.2mdv2009.0.src.rpm

MES5 i586

 c079b55002ddd85953d889e8636f69e0  mes5/i586/wget-1.11.4-1.2mdvmes5.1.i586.rpm 
 d5b1e38ec6dc55ff0edfb9d07ff4551b  mes5/SRPMS/wget-1.11.4-1.2mdv2009.0.src.rpm
 3d8118d89968bc2fd0fe68455362494a  mes5/SRPMS/wget-1.11.4-1.2mdvmes5.1.src.rpm

2010.1 i586

 b670d7af035db4c61a1dc925bd2586cf  2010.1/i586/wget-1.12-4.1mdv2010.1.i586.rpm 
 d237c820d5bd93b560c0c370bf645607  2010.1/SRPMS/wget-1.12-4.1mdv2010.1.src.rpm

2010.0 x86_64

 02ec17f7b8fe8d4b32d0ecd1578e8e9f  2010.0/x86_64/wget-1.12-1.1mdv2010.0.x86_64.rpm 
 b907b039a3103699de15cfc8e4dd895b  2010.0/SRPMS/wget-1.12-1.1mdv2010.0.src.rpm

2010.0 i586

 798c72df6dcbba66b6a8a84ed39da2f8  2010.0/i586/wget-1.12-1.1mdv2010.0.i586.rpm 
 b907b039a3103699de15cfc8e4dd895b  2010.0/SRPMS/wget-1.12-1.1mdv2010.0.src.rpm

2009.1 i586

 d3d6016f347ac5d7b01edbb7b6c5cd5f  2009.1/i586/wget-1.11.4-2.2mdv2009.1.i586.rpm 
 9d8270a9b8de5d56f44a44c93e8011ed  2009.1/SRPMS/wget-1.11.4-2.2mdv2009.1.src.rpm

2009.0 i586

 355096fbe1677276227ea873583693b0  2009.0/i586/wget-1.11.4-1.2mdv2009.0.i586.rpm 
 cdf5a30faa17484a2866837e08b3550f  2009.0/SRPMS/wget-1.11.4-1.2mdv2009.0.src.rpm

CS4.0 i586

 de7e81f0336ff2366876ae2ff334c03a  corporate/4.0/i586/wget-1.10-1.4.20060mlcs4.i586.rpm 
 1e64e31099b37e35e23b6aa64c6618fe  corporate/4.0/SRPMS/wget-1.10-1.4.20060mlcs4.src.rpm

2008.0 x86_64

 befd1e73b9ffd3d01d75e7bc9bc63bcc  2008.0/x86_64/wget-1.10.2-6.2mdv2008.0.x86_64.rpm 
 21dd2f19ceeb8b36ab09963eda907d0b  2008.0/SRPMS/wget-1.10.2-6.2mdv2008.0.src.rpm

CS4.0 x86_64

 38bc352a335d0ab431b76c6889b020ec  corporate/4.0/x86_64/wget-1.10-1.4.20060mlcs4.x86_64.rpm 
 1e64e31099b37e35e23b6aa64c6618fe  corporate/4.0/SRPMS/wget-1.10-1.4.20060mlcs4.src.rpm

2008.0 i586

 2f1452708ed6febe407e1c116158bd53  2008.0/i586/wget-1.10.2-6.2mdv2008.0.i586.rpm 
 21dd2f19ceeb8b36ab09963eda907d0b  2008.0/SRPMS/wget-1.10.2-6.2mdv2008.0.src.rpm

2009.1 x86_64

 940dd4720eb792e825dfa68997df35be  2009.1/x86_64/wget-1.11.4-2.2mdv2009.1.x86_64.rpm 
 9d8270a9b8de5d56f44a44c93e8011ed  2009.1/SRPMS/wget-1.11.4-2.2mdv2009.1.src.rpm

MES5 x86_64

 63c67375cbc4539a081d7563bd7ddb79  mes5/x86_64/wget-1.11.4-1.2mdvmes5.1.x86_64.rpm 
 d5b1e38ec6dc55ff0edfb9d07ff4551b  mes5/SRPMS/wget-1.11.4-1.2mdv2009.0.src.rpm
 3d8118d89968bc2fd0fe68455362494a  mes5/SRPMS/wget-1.11.4-1.2mdvmes5.1.src.rpm

2010.1 x86_64

 1d4e7f9d9fd44937207e1f9905ac2d99  2010.1/x86_64/wget-1.12-4.1mdv2010.1.x86_64.rpm 
 d237c820d5bd93b560c0c370bf645607  2010.1/SRPMS/wget-1.12-4.1mdv2010.1.src.rpm

References