Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.1364 [DLA 1760-1] wget security update 23 April 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: wget Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-5953 Reference: ESB-2019.1323 ESB-2019.1245 ESB-2019.1220 ESB-2019.1168 Original Bulletin: https://lists.debian.org/debian-lts-announce/2019/04/msg00020.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : wget Version : 1.16-1+deb8u6 CVE ID : CVE-2019-5953 Kusano Kazuhiko discovered a buffer overflow vulnerability in the handling of Internationalized Resource Identifiers (IRI) in wget, a network utility to retrieve files from the web, which could result in the execution of arbitrary code or denial of service when recursively downloading from an untrusted server. For Debian 8 "Jessie", this problem has been fixed in version 1.16-1+deb8u6. We recommend that you upgrade your wget packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAly+Lc1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEdoKw/+NaKUJ816K0yCadl6df6sttPZBRS3kyYh3TqDuen+XH+5uCHbJPg0H/zh nPG7df39tn2EHX72XEbs0iVAE1aeruSUOp///jGLGjIr1u2ZzmHf9TGmRXX27rSb qY0BXTunrvD4w3IpbxZi4vVYDl1gCQsOLcpa5XmG0siR2NMOLpXXOYV0aanqS+Si QVgljGOpRUkL7vf25IyYrkh1wIfdSGKgc00jvlHSc2maF+p6APbGWjqjpNrmjQhC 9Ie4t/Teld67U+0o2NWCAXuYoAo3kH2VgwN4612/jrpnjq4ps1sp8Q7ed5UpFDhY yaAShX4mhWVNmEJkXnrKUUVenNj6epHmd7Y4PXJfvxmV0+j+ySu3/IZbeU8flWLW +euOOWkRlyYNvlRdBIh4L/7TxXJ2MrqLiXycFsw3HugrbeAAw5npQR3FSQgttoTd gf436w754EJsWrogwdJ7sjG0hI9pcDNeMmnWRPO1NZyo8QECCxA2BMyhKDSHEQ2E dnSy0flCotO/htoYP1zGZ/5MLv12Cmv7pNcuNu348RdE7+XWeDBTvsP0A/mgoKhe vzES5yXBz606mf0Mi6617T+3xgzjZMA03G7V1+C2natUNITdzQ4ebaMDVDdpd89F udSpAwIShxCIDB+DRjHWAaszDaQIqG8eXqU7lgT0DYM73FwksT0= =rz12 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXL6TJ2aOgq3Tt24GAQi3LRAAqezxMc8FPAqVbrO3LNHHJFDQhMivhodQ XYW+Xt/4dr2vjOTFptG3fCqw279mG1RH3kDxFeQb5dapfVXO9wS+ECuh4Jk7OSv9 0sHFpItvUVrbVQyaNOegTQ/2n8feKmBUqN7ko8EsDgwViNErNgP0N/yHOwi3Ykme tDP08z4f9UeArORDWG00m8wVcrttCaedJZHJMzCxvnNLWEw9l6SqUKeuJR5XJJWT 21O8jFbLO4AGerTvvjDAoOPIOcVX/2w+fJBghXrwWlcFjww4pLTJ65kkOUV1HPm8 o8LuWnLXo2fAjQtNR87aN0jyU5+RtQ9SQws1jOFOKZ1QjmDXWgX2UBZxG2FCCxaO ttXIsEC+x53g5+wKVvKTaphraN+zU7FExyskpR72im6tfmV1m9OdycB/ssHl0qpH 0h75MiyvoYW6+vEp2O75Nr8ZjaIfWzbbtf7EG7k38z5LRWvmrIUQuoR+er7LKCHd viRsEqvvJyNYMUWzf1cMZ6kU0JSgWTm4CqV2gLZam9qdQCHwFyjZ4IKWoQ6XTk4P 6A7PWLvTcVno0ARSjAiPBGvuUUf8DtvvUM6DvPRedtIlLB8t5NS5er5z/h+FijtY WK9MMj0+nLCDR4ZZzceJDKksrJVOg4j4Ws6JIvIFoJ1xqflEXh5W2NLKoVDUUq2e enx99prw8r0= =JpW/ -----END PGP SIGNATURE-----