"Ubuntu Security Notice USN-842-1 October 06, 2009
wget vulnerability
CVE-2009-3490
==========================
==========================
=========
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
wget 1.10.2-1ubuntu1.1
Ubuntu 8.04 LTS:
wget 1.10.2-3ubuntu1.1
Ubuntu 8.10:
wget 1.11.4-1ubuntu1.1
Ubuntu 9.04:
wget 1.11.4-2ubuntu1.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that Wget did not correctly handle SSL certificates with
zero bytes in the Common Name. A remote attacker could exploit this to
perform a man in the middle attack to view sensitive information or alter
encrypted communications.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.10.2-1ubuntu1=
.1.diff.gz
Size/MD5: 13576 1e0bd3f6766ccec47e56543add24f6ee
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.10.2-1ubuntu1=
.1.dsc
Size/MD5: 635 2fc7a7bb0b375f0197066634251b678f
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.10.2.orig.tar=
.gz
Size/MD5: 1213056 795fefbb7099f93e2d346b026785c4b8
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.10.2-1ubuntu1=
.1_amd64.deb
Size/MD5: 242902 bc6388c0a62bfeb733bd9650831a16d7
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.10.2-1ubuntu1=
.1_i386.deb
Size/MD5: 231806 a2db447d60ee6a2c110d0821710f64e5
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.10.2-1ubuntu1=
.1_powerpc.deb
Size/MD5: 237456 0cb5f38c14d929ff5bf4cf49f596173f
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.10.2-1ubuntu1=
.1_sparc.deb
Size/MD5: 234566 5715c3e3c7a1fdc5088062620c1ef7a0
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.10.2-3ubuntu1=
.1.diff.gz
Size/MD5: 159701 285fb3ed2f3b72cfb2a660aa69e88992
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.10.2-3ubuntu1=
.1.dsc
Size/MD5: 724 64e8f5ca18e46e6b623f28f32636b3b0
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.10.2.orig.tar=
.gz
Size/MD5: 1213056 795fefbb7099f93e2d346b026785c4b8
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.10.2-3ubuntu1=
.1_amd64.deb
Size/MD5: 245188 3ce5dcf59f0b6846d0e1603e7792b767
http://security.ubuntu.com/ubuntu/pool/universe/w/wget/wget-udeb_1.10.2=
-3ubuntu1.1_amd64.udeb
Size/MD5: 113810 32e6d086f555f54d7e792308e9a751fe
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.10.2-3ubuntu1=
.1_i386.deb
Size/MD5: 237758 333fc10b43cabaea85ba3bf2e8f8912d
http://security.ubuntu.com/ubuntu/pool/universe/w/wget/wget-udeb_1.10.2=
-3ubuntu1.1_i386.udeb
Size/MD5: 106420 d9b515296d12378b9836107b566c5f98
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/w/wget/wget_1.10.2-3ubuntu1.1_lpia.de=
b
Size/MD5: 237412 a8a6b4b9be478453498db1c973ce0bae
http://ports.ubuntu.com/pool/universe/w/wget/wget-udeb_1.10.2-3ubuntu1.=
1_lpia.udeb
Size/MD5: 106408 e4963b7ffe58e88dca118a9a2eebd6ea
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/w/wget/wget_1.10.2-3ubuntu1.1_powerpc=
.deb
Size/MD5: 253120 8808b0485d41f832ec07583d8aabd5f5
http://ports.ubuntu.com/pool/universe/w/wget/wget-udeb_1.10.2-3ubuntu1.=
1_powerpc.udeb
Size/MD5: 121562 bb4a522a48a60ae1802bbfb098011002
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/w/wget/wget_1.10.2-3ubuntu1.1_sparc.d=
eb
Size/MD5: 239116 a96b7a74035cec7ee7b652e0f8723c35
http://ports.ubuntu.com/pool/universe/w/wget/wget-udeb_1.10.2-3ubuntu1.=
1_sparc.udeb
Size/MD5: 107290 e23bd05c06e106745de3c29e46e5d330
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.11.4-1ubuntu1=
.1.diff.gz
Size/MD5: 18317 8600c594c0263c32b546ee4aeab34621
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.11.4-1ubuntu1=
.1.dsc
Size/MD5: 1162 f8bdcd44667c37f106b514d94264f4bd
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.11.4.orig.tar=
.gz
Size/MD5: 1475149 69e8a7296c0e12c53bd9ffd786462e87
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.11.4-1ubuntu1=
.1_amd64.deb
Size/MD5: 249658 16312043daa9f77500a19a3f2bf0bbfc
http://security.ubuntu.com/ubuntu/pool/universe/w/wget/wget-udeb_1.11.4=
-1ubuntu1.1_amd64.udeb
Size/MD5: 119232 96264dd4213fa4c4d02b0887e2abb284
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.11.4-1ubuntu1=
.1_i386.deb
Size/MD5: 241698 d5dd659c24a84d909feba21ed0ccefe1
http://security.ubuntu.com/ubuntu/pool/universe/w/wget/wget-udeb_1.11.4=
-1ubuntu1.1_i386.udeb
Size/MD5: 112268 62d4708363a842c8d4bf282a87fac026
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/w/wget/wget_1.11.4-1ubuntu1.1_lpia.de=
b
Size/MD5: 240992 1d5e2af0227b29405763279a04193155
http://ports.ubuntu.com/pool/universe/w/wget/wget-udeb_1.11.4-1ubuntu1.=
1_lpia.udeb
Size/MD5: 111328 be42f9c9014555386d1fe99b43376c19
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/w/wget/wget_1.11.4-1ubuntu1.1_powerpc=
.deb
Size/MD5: 256726 e4ff5944bca367c804accbf927d416ae
http://ports.ubuntu.com/pool/universe/w/wget/wget-udeb_1.11.4-1ubuntu1.=
1_powerpc.udeb
Size/MD5: 126314 6fc5f8629af2d78723aeb588f7cb27ae
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/w/wget/wget_1.11.4-1ubuntu1.1_sparc.d=
eb
Size/MD5: 243624 46787ca84b77e2330c38db7aa8bd6ecb
http://ports.ubuntu.com/pool/universe/w/wget/wget-udeb_1.11.4-1ubuntu1.=
1_sparc.udeb
Size/MD5: 113856 a789be19ca6aa42960e3330e3a1a1252
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.11.4-2ubuntu1=
.1.diff.gz
Size/MD5: 18470 f9f8a21925957ff4524d7b522648b096
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.11.4-2ubuntu1=
.1.dsc
Size/MD5: 1162 1aff87b060d61a095a761370685556d2
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.11.4.orig.tar=
.gz
Size/MD5: 1475149 69e8a7296c0e12c53bd9ffd786462e87
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.11.4-2ubuntu1=
.1_amd64.deb
Size/MD5: 249808 e3d7b4fa7ac99ce2430bd06ce7ebe879
http://security.ubuntu.com/ubuntu/pool/universe/w/wget/wget-udeb_1.11.4=
-2ubuntu1.1_amd64.udeb
Size/MD5: 119320 2b3db8b5d2e77e6793ed81c0ecace5e0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.11.4-2ubuntu1=
.1_i386.deb
Size/MD5: 241732 572ab5efa430d6da464c60301de01b7b
http://security.ubuntu.com/ubuntu/pool/universe/w/wget/wget-udeb_1.11.4=
-2ubuntu1.1_i386.udeb
Size/MD5: 112198 79f3209d6fb79ecdd2aa569f2969ed4e
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/w/wget/wget_1.11.4-2ubuntu1.1_lpia.de=
b
Size/MD5: 241120 5a5497104d603fa8bf118cb11853e05b
http://ports.ubuntu.com/pool/universe/w/wget/wget-udeb_1.11.4-2ubuntu1.=
1_lpia.udeb
Size/MD5: 111318 e575f2ea6eedc2588075d99ce62e7c45
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/w/wget/wget_1.11.4-2ubuntu1.1_powerpc=
.deb
Size/MD5: 256764 4349fe2613b98215705475f428719bf7
http://ports.ubuntu.com/pool/universe/w/wget/wget-udeb_1.11.4-2ubuntu1.=
1_powerpc.udeb
Size/MD5: 126234 649d9bcea3eaebe3fb7c120d4b0110ca
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/w/wget/wget_1.11.4-2ubuntu1.1_sparc.d=
eb
Size/MD5: 243696 30650bcb3533c5c087e96ff9ec4e9638
http://ports.ubuntu.com/pool/universe/w/wget/wget-udeb_1.11.4-2ubuntu1.=
1_sparc.udeb
Size/MD5: 113800 47c8a2fcffff44d84d077fa3afec1b7a
--=-49RqLMDoNXv1J/yVCmC6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEABECAAYFAkrLfmMACgkQLMAs/0C4zNroKgCbBK91UOBdDHzSGQloEuajGiMj
cUsAn2ql0f/pkxP8OBRNUz9VdJQVub7m
=v9NR
-----END PGP SIGNATURE-----
"
Rihanna saved millions on new homeUSN-841-1: GLib vulnerability
This entry was posted
on 10:53 AM
.
Archives
-
▼
2009
(488)
-
▼
October
(44)
- DSA 1915-1: New Linux 2.6.26 packages fix several ...
- RHSA-2009:1529-01 Moderate: samba security update
- USN-850-2: poppler regression
- GLSA 200910-03 Adobe Reader: Multiple vulnerabili...
- DSA 1919-1: New smarty packages fix several vulner...
- DSA 1917-1: New mimetex packages fix several vulne...
- DSA 1912-2: New advi packages fix arbitrary code e...
- GLSA 200910-02 Pidgin: Multiple vulnerabilities
- USN-850-1: poppler vulnerabilities
- RHSA-2009:1522-01 Moderate: kernel security and bu...
- RHSA-2009:1512-01 Important: kdegraphics security ...
- DSA 1912-1: New camlimages fix arbitrary code exec...
- DSA 1913-1: New bugzilla packages fix SQL injection
- DSA 1911-1: New pygresql packages provide secure e...
- RHSA-2009:1499-01 Critical: acroread security update
- RHSA-2009:1501-01 Important: xpdf security update
- USN-848-1: Zope vulnerabilities
- RHSA-2009:1503-01 Important: gpdf security update
- RHSA-2009:1505-01 Moderate: java-1.4.2-ibm securit...
- RHSA-2009:1504-01 Important: poppler security and ...
- DSA 1910-1: New mysql-ocaml packages provide secur...
- USN-849-1: libsndfile vulnerabilities
- RHSA-2009:1502-01 Important: kdegraphics security ...
- RHSA-2009:1513-01 Moderate: cups security update
- USN-847-1: Devscripts vulnerability
- DSA 1895-2: New opensaml2 and shibboleth-sp2 packa...
- DSA 1906-1: End-of-life announcement for clamav in...
- USN-846-1: ICU vulnerability
- USN-845-1: Pan vulnerability
- RHSA-2009:1484-01 Moderate: postgresql security up...
- USN-843-1: BackupPC vulnerability
- USN-842-1: Wget vulnerability
- USN-841-1: GLib vulnerability
- DSA 1902-1: New elinks packages fix arbitrary code...
- DSA 1899-1: New strongswan packages fix denial of ...
- DSA 1901-1: New mediawiki1.7 packages fix several ...
- RHSA-2009:1471-01 Important: elinks security update
- USN-839-1: Samba vulnerabilities
- DSA 1898-1: New openswan packages fix denial of se...
- RHSA-2009:1470-01 Moderate: openssh security update
- USN-838-1: Dovecot vulnerabilities
- RHSA-2009:1472-01 Moderate: xen security and bug f...
- RHSA-2009:1469-01 Important: kernel security update
- RHSA-2009:1455-01 Moderate: kernel security and bu...
-
▼
October
(44)