===========================================================
Ubuntu Security Notice USN-842-1           October 06, 2009
wget vulnerability
CVE-2009-3490
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  wget                            1.10.2-1ubuntu1.1

Ubuntu 8.04 LTS:
  wget                            1.10.2-3ubuntu1.1

Ubuntu 8.10:
  wget                            1.11.4-1ubuntu1.1

Ubuntu 9.04:
  wget                            1.11.4-2ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Wget did not correctly handle SSL certificates with
zero bytes in the Common Name. A remote attacker could exploit this to perform
a man in the middle attack to view sensitive information or alter encrypted
communications.
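
The Common Name handling described under "Details follow" can be illustrated with the following added example, which is not code from Wget or from this advisory. It contrasts a comparison that treats the name as a C string with one that uses the encoded length and rejects embedded zero bytes; the function names and the sample name are constructed for illustration, and wildcard matching is left out.

```c
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample: Common Name bytes as a certificate could carry them,
   together with their encoded length. The zero byte is part of the name. */
static const unsigned char SAMPLE_CN[] = "www.example.com\0.other.example";
#define SAMPLE_CN_LEN (sizeof SAMPLE_CN - 1)

/* Flawed pattern: the name is handled as a C string, so the comparison
   stops at the first zero byte and never sees the bytes after it.
   (The sample buffer is terminated, so this does not read out of bounds.) */
int cn_matches_naive(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;                     /* encoded length is never consulted */
    return strcasecmp((const char *)cn, host) == 0;
}

/* Hardened pattern: a name containing a zero byte is malformed and is
   rejected; otherwise the whole encoded length takes part in the match. */
int cn_matches_checked(const unsigned char *cn, size_t cn_len, const char *host)
{
    if (cn_len == 0 || memchr(cn, '\0', cn_len) != NULL)
        return 0;                     /* fail closed on embedded zero bytes */
    if (strlen(host) != cn_len)
        return 0;                     /* lengths must agree exactly */
    return strncasecmp((const char *)cn, host, cn_len) == 0;
}

int main(void)
{
    const char *host = "www.example.com";   /* host the client asked for */
    printf("encoded CN length: %zu bytes\n", (size_t)SAMPLE_CN_LEN);
    printf("naive match:   %d\n", cn_matches_naive(SAMPLE_CN, SAMPLE_CN_LEN, host));
    printf("checked match: %d\n", cn_matches_checked(SAMPLE_CN, SAMPLE_CN_LEN, host));
    return 0;
}
```
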
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/