what you don't know can hurt you

Debian Security Advisory 4195-1

Debian Security Advisory 4195-1
Posted May 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4195-1 - Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle '\r\n' from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replacing existing cookie values.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-0494
MD5 | 0a8ebefedcc50cb36f81573bebaba542

Debian Security Advisory 4195-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4195-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 08, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wget
CVE ID : CVE-2018-0494
Debian Bug : 898076

Harry Sintonen discovered that wget, a network utility to retrieve files
from the web, does not properly handle '\r\n' from continuation lines
while parsing the Set-Cookie HTTP header. A malicious web server could
use this flaw to inject arbitrary cookies to the cookie jar file, adding
new or replacing existing cookie values.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.16-1+deb8u5.

For the stable distribution (stretch), this problem has been fixed in
version 1.18-5+deb9u2.

We recommend that you upgrade your wget packages.

For the detailed security status of wget please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/wget

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlrxemlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0ThxQ/9FYza3/uH04QOLtluPk5H60uqOsbt2fza1vkZ+7xx3TzD72Ekge72F+j/
iexJmwe8HKLO7na27k2aIhR5abdUjhKjhM8NCwX/0Va6AJpO+5P98mbMQ+gMO/01
imwVtCJNT/bk0/nwbj6vJFzkG0NC1V7Y4v7/fnccChkvehgql82FtDT6FK0vmVpg
X2NVuDahvtUEuA4bSeqD5DUVLzRbLtZsC0iLMqaRDoeVQVQ50ZLXWOZU02SVwg5v
xtoqdGANxNRBceQ9n2SfaDnJFZD/oBbMdg6if5/jJdfZUKQMs2PQmOMgOzItHEnj
Zw5btNdyhqYs7aPAYjWpapWkvEN1cZfI+/s8vAuiLO9F5i1u8ffLWekU+5vPQboG
2kzZJewyT6I9ngh28z+jlorGQrAiAE7XhUqUAORBX/gY0EyORLm0476BIUlyl8Xe
KdKc9IHGaPAF8HlS46FGfMCmEPO+Ad8YUV+m3GPjCuLSfvvHZ0X35saESKW09qOo
pN2i3O8mkWzoH79qcOubuekyf79xcov1dS/SZgTD3K+ExQAwjOIHHTK82N9jfjtC
WyB/x0DKe5gc81kdSwf8plj47WEy6Y1mIZwtbEqJRbxSMuEGvNWwv0Onxp7tnoeB
I+CDhRHrJAmYQTaIpz3MaxoLEFpFtQ34+eo52QUyzvcv/mas+ug=
=vQ4n
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close