openssl096b, wget security update

CentOS Errata and Security Advisory CESA-2005:830

GNU Wget is a file retrieval utility that can use either the HTTP or
FTP protocols.

A stack based buffer overflow bug was found in the wget implementation of
NTLM authentication. An attacker could execute arbitrary code on a user’s
machine if the user can be tricked into connecting to a malicious web
server using NTLM authentication. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2005-3185 to this issue.

All users of wget are advised to upgrade to these updated packages, which
contain a backported patch that resolves this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-November/074514.html
https://lists.centos.org/pipermail/centos-announce/2005-November/074516.html
https://lists.centos.org/pipermail/centos-announce/2005-November/074519.html
https://lists.centos.org/pipermail/centos-announce/2005-November/074520.html
https://lists.centos.org/pipermail/centos-announce/2005-November/074532.html
https://lists.centos.org/pipermail/centos-announce/2005-November/074533.html
https://lists.centos.org/pipermail/centos-announce/2005-November/074535.html
https://lists.centos.org/pipermail/centos-announce/2005-November/074536.html
https://lists.centos.org/pipermail/centos-announce/2005-November/074537.html
https://lists.centos.org/pipermail/centos-announce/2005-November/074538.html

Affected packages:
openssl096b
wget

Upstream details at:
https://access.redhat.com/errata/RHSA-2005:812
https://access.redhat.com/errata/RHSA-2005:830