wget security update

2005-11-03T05:22:50
ID CESA-2005:812-00
Type centos
Reporter CentOS Project
Modified 2005-11-03T05:22:50

Description

CentOS Errata and Security Advisory CESA-2005:812-00

GNU Wget is a file retrieval utility that can use either the HTTP or FTP protocols.

A stack-based buffer overflow bug was found in the wget implementation of NTLM authentication. An attacker could execute arbitrary code on a user's machine if the user can be tricked into connecting to a malicious web server using NTLM authentication. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3185 to this issue.

All users of wget are advised to upgrade to these updated packages, which contain a backported patch that resolves this issue.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2005-November/024415.html

Affected packages: wget

Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html