GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Thu Jun 14, 2018 2:26 am Post subject: [ GLSA 201806-01 ] GNU Wget |
 |
|
Gentoo Linux Security Advisory
Title: GNU Wget: Cookie injection (GLSA 201806-01)
Severity: normal
Exploitable: remote
Date: 2018-06-13
Bug(s): #655216
ID: 201806-01
Synopsis
A vulnerablity in GNU Wget could allow arbitrary cookies to be
injected.
Background
GNU Wget is a free software package for retrieving files using HTTP,
HTTPS and FTP, the most widely-used Internet protocols.
Affected Packages
Package: net-misc/wget
Vulnerable: < 1.19.5
Unaffected: >= 1.19.5
Architectures: All supported architectures
Description
A vulnerability was discovered in GNU Wget’s resp_new function which
does not validate
sequences in continuation lines.
Impact
A remote attacker could inject arbitrary cookie entry requests.
Workaround
There is no known workaround at this time.
Resolution
All GNU Wget users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/wget-1.19.5"
|
References
CVE-2018-0494 |
|
News & Announcements
