Important: wget

2017-10-26T23:12:00
ID ALAS-2017-916
Type amazon
Reporter Amazon
Modified 2017-10-26T23:12:00

Description

Issue Overview:

Heap-based buffer overflow in HTTP protocol handling
A heap-based buffer overflow, when processing chunked encoded HTTP responses, was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. (CVE-2017-13090 __)

Stack-based buffer overflow in HTTP protocol handling
A stack-based buffer overflow when processing chunked, encoded HTTP responses was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. (CVE-2017-13089 __)

Affected Packages:

wget

Issue Correction:
Run yum update wget to update your system.

New Packages:

i686:  
    wget-debuginfo-1.18-3.28.amzn1.i686  
    wget-1.18-3.28.amzn1.i686

src:  
    wget-1.18-3.28.amzn1.src

x86_64:  
    wget-1.18-3.28.amzn1.x86_64  
    wget-debuginfo-1.18-3.28.amzn1.x86_64