Ubuntu alert USN-6852-2 (wget)
| From: | "Leonidas S. Barbosa" <leo.barbosa@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-6852-2] Wget vulnerability | |
| Date: | Thu, 27 Jun 2024 08:51:38 -0300 | |
| Message-ID: | <20240627115138.GA3516032@d4rkl41n> |
========================================================================== Ubuntu Security Notice USN-6852-2 June 27, 2024 wget vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Wget could be made to connect to a different host than expected. Software Description: - wget: retrieves files from the web Details: USN-6852-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Wget incorrectly handled semicolons in the userinfo subcomponent of a URI. A remote attacker could possibly trick a user into connecting to a different host than expected. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS wget 1.19.4-1ubuntu2.2+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS wget 1.17.1-1ubuntu1.5+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6852-2 https://ubuntu.com/security/notices/USN-6852-1 CVE-2024-38428
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmZ9UkUACgkQRbznW4QL H2k18A//Rlgc7t35Nco3oSB+Nb93pUIlFFuAsC41WgUVZ/lEBtGg40CGQK15E19M lXVKd7o3+a2u8j3N29g87JCJ1HN/Pb+/UyN6vj3dy4E/molGRpRtyfYBvkyjZa9t hlObO29Is5qAzQZOKYIQYPxY/34GCzXediyFMLnBof5bAviA2DYN9FVDZDcNuk6P 1UL+bWHDDfylvfFRlRWVFMyEWKFtYcfZgJ7DLdlTXhOBrqdkpSVun4ESQedkcIcw 8nfJNB8orRFgkKCrgmQ3yrhOYbpfO12uINNuRnCjMPk5QwV34ovLtdz7M6e7FNrJ O+Nl1vJW6gXOyEwhvSWNxmy/iVgTyeE65tM8E7KGldBx1yJrFv0kpYD7CYC28SXF iSXwxsRraKQcLGhz7cVWWhxr80XPLiLwAVNre/Thgwoa+Gsm/+K2huSqxIBGogWQ B3hyTbdf2hXgVlixLY6FiiYlaMHntFBjPRP5EX/STv4YPrM6a91w2FPjiQoBsvUg ayzmtU4y7sdqaluQLFpMd6cpRmI/Bss6UOcrfWwbID9FNBqt8MyIW2CVj46C9aWe jMakkjilOhsxnTbdk35sd5SuP75plNlkWE/djOrMAz0lS8DzQA7JNk2hO4FiROXb N4LL4iz/VuLR4lJsI8Uev/gd7bBZoXxdh96PxzhO/Qa3zlQbvh8= =Vu++ -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)