(RHSA-2005:812) wget security update

2005-11-0200:00:00

access.redhat.com

0.023 Low

EPSS

Percentile

89.7%

JSON

GNU Wget is a file retrieval utility that can use either the HTTP or
FTP protocols.

A stack based buffer overflow bug was found in the wget implementation of
NTLM authentication. An attacker could execute arbitrary code on a user’s
machine if the user can be tricked into connecting to a malicious web
server using NTLM authentication. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2005-3185 to this issue.

All users of wget are advised to upgrade to these updated packages, which
contain a backported patch that resolves this issue.

OSVersionArchitecturePackageVersionFilename
RedHatanyx86_64wget< 1.10.2-0.40Ewget-1.10.2-0.40E.x86_64.rpm
RedHatanyia64wget< 1.10.2-0.40Ewget-1.10.2-0.40E.ia64.rpm
RedHatanyia64wget< 1.10.2-0.30Ewget-1.10.2-0.30E.ia64.rpm
RedHatanyppcwget< 1.10.2-0.40Ewget-1.10.2-0.40E.ppc.rpm
RedHatanyppcwget< 1.10.2-0.30Ewget-1.10.2-0.30E.ppc.rpm
RedHatanyx86_64wget< 1.10.2-0.30Ewget-1.10.2-0.30E.x86_64.rpm
RedHatanys390wget< 1.10.2-0.40Ewget-1.10.2-0.40E.s390.rpm
RedHatanyi386wget< 1.10.2-0.40Ewget-1.10.2-0.40E.i386.rpm
RedHatanyi386wget< 1.10.2-0.AS21wget-1.10.2-0.AS21.i386.rpm
RedHatanyia64wget< 1.10.2-0.AS21wget-1.10.2-0.AS21.ia64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	x86_64	wget	< 1.10.2-0.40E	wget-1.10.2-0.40E.x86_64.rpm
RedHat	any	ia64	wget	< 1.10.2-0.40E	wget-1.10.2-0.40E.ia64.rpm
RedHat	any	ia64	wget	< 1.10.2-0.30E	wget-1.10.2-0.30E.ia64.rpm
RedHat	any	ppc	wget	< 1.10.2-0.40E	wget-1.10.2-0.40E.ppc.rpm
RedHat	any	ppc	wget	< 1.10.2-0.30E	wget-1.10.2-0.30E.ppc.rpm
RedHat	any	x86_64	wget	< 1.10.2-0.30E	wget-1.10.2-0.30E.x86_64.rpm
RedHat	any	s390	wget	< 1.10.2-0.40E	wget-1.10.2-0.40E.s390.rpm
RedHat	any	i386	wget	< 1.10.2-0.40E	wget-1.10.2-0.40E.i386.rpm
RedHat	any	i386	wget	< 1.10.2-0.AS21	wget-1.10.2-0.AS21.i386.rpm
RedHat	any	ia64	wget	< 1.10.2-0.AS21	wget-1.10.2-0.AS21.ia64.rpm