Message-Id: <1254850150.4287.3.camel@mdlinux.technorage.com>
Date: Tue, 06 Oct 2009 13:29:10 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-842-1] Wget vulnerability
===========================================================
Ubuntu Security Notice USN-842-1 October 06, 2009
wget vulnerability
CVE-2009-3490
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  wget 1.10.2-1ubuntu1.1

Ubuntu 8.04 LTS:
  wget 1.10.2-3ubuntu1.1

Ubuntu 8.10:
  wget 1.11.4-1ubuntu1.1

Ubuntu 9.04:
  wget 1.11.4-2ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Wget did not correctly handle SSL certificates with
zero bytes in the Common Name. A remote attacker could exploit this to
perform a man-in-the-middle attack to view sensitive information or alter
encrypted communications.
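
The flaw described above, sketched as an added C example (not code from Wget or from this advisory): a length-delimited certificate name compared as a C string, next to a check that rejects names containing zero bytes. The struct, the function names and the sample names are hypothetical, and wildcard matching is left out.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* A decoded certificate name: ASN.1 strings are length-delimited, so the
 * value may contain NUL bytes. Assumption of this sketch: the decoder also
 * stores a terminating NUL at data[len]. */
struct cert_name {
    const char *data;
    size_t len;
};

/* ASCII case-insensitive comparison of two C strings (stops at NUL). */
static int ci_equal(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Flawed: ignores len, so everything after the first NUL is never compared. */
int cn_matches_naive(const struct cert_name *cn, const char *host)
{
    return ci_equal(cn->data, host);
}

/* Hardened: a name containing a NUL byte is rejected before comparison. */
int cn_matches_strict(const struct cert_name *cn, const char *host)
{
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    return ci_equal(cn->data, host);
}

/* Constructed sample names, not taken from any real certificate. */
static const char CN_NUL[] = "www.example.com\0.other.invalid";
static const char CN_OK[] = "www.example.com";
const struct cert_name SAMPLE_NUL = { CN_NUL, sizeof CN_NUL - 1 };
const struct cert_name SAMPLE_OK = { CN_OK, sizeof CN_OK - 1 };

int main(void)
{
    const char *host = "www.example.com";
    printf("naive,  embedded NUL: %d\n", cn_matches_naive(&SAMPLE_NUL, host));
    printf("strict, embedded NUL: %d\n", cn_matches_strict(&SAMPLE_NUL, host));
    printf("strict, plain name:   %d\n", cn_matches_strict(&SAMPLE_OK, host));
    return 0;
}
```
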