SuseSUSE-SU-2017:2871-1

HistoryOct 27, 2017 - 6:53 p.m.

Security update for wget (important)

2017-10-2718:53:31

lists.opensuse.org

0.707 High

EPSS

Percentile

97.7%

JSON

This update for wget fixes the following security issues:

CVE-2017-13089,CVE-2017-13090: Missing checks for negative
remaining_chunk_size in skip_short_body and fd_read_body could cause
stack buffer overflows, which could have been exploited by malicious
servers. (bsc#1064715,bsc#1064716)

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Server for Raspberry Pi12.2aarch64wget-debugsource< 1.14-21.3.1wget-debugsource-1.14-21.3.1.aarch64.rpm
SUSE Linux Enterprise Server for Raspberry Pi12.2aarch64wget< 1.14-21.3.1wget-1.14-21.3.1.aarch64.rpm
SUSE Linux Enterprise Server for Raspberry Pi12.2aarch64wget-debuginfo< 1.14-21.3.1wget-debuginfo-1.14-21.3.1.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Linux Enterprise Server for Raspberry Pi	12.2	aarch64	wget-debugsource	< 1.14-21.3.1	wget-debugsource-1.14-21.3.1.aarch64.rpm
SUSE Linux Enterprise Server for Raspberry Pi	12.2	aarch64	wget	< 1.14-21.3.1	wget-1.14-21.3.1.aarch64.rpm
SUSE Linux Enterprise Server for Raspberry Pi	12.2	aarch64	wget-debuginfo	< 1.14-21.3.1	wget-debuginfo-1.14-21.3.1.aarch64.rpm

References

bugzilla.suse.com/1064715

bugzilla.suse.com/1064716

fedora 5

osv 4

nessus 26

debian 2

centos 1

amazon 1

openvas 19

photon 4

redhat 1

oraclelinux 2

ibm 3

suse 2

mageia 1

gentoo 1

slackware 1

archlinux 1

cloudfoundry 1

ubuntu 2

veracode 2

zdt 1

debiancve 2

redhatcve 2

seebug 1

checkpoint_advisories 1

hackerone 2

ubuntucve 2

alpinelinux 2

f5 2

cve 2

prion 2

freebsd 2

fedora

[SECURITY] Fedora 25 Update: wget-1.19.2-1.fc25

2017-11-15 22:30:18

[SECURITY] Fedora 27 Update: wget-1.19.2-1.fc27

2017-11-15 17:57:17

[SECURITY] Fedora 26 Update: wget-1.19.2-1.fc26

2017-11-07 22:22:02

osv

wget - security update

2017-10-27 00:00:00

wget - security update

2017-10-28 00:00:00

CVE-2017-13090

2017-10-27 19:29:00

nessus

Photon OS 2.0: Wget PHSA-2017-0046

2019-02-07 00:00:00

Fedora 26 : wget (2017-f0b3231763)

2017-11-08 00:00:00

SUSE SLED12 / SLES12 Security Update : wget (SUSE-SU-2017:2871-2)

2017-11-17 00:00:00

debian

[SECURITY] [DSA 4008-1] wget security update

2017-10-28 14:36:08

[SECURITY] [DLA 1149-1] wget security update

2017-10-27 21:26:10

centos

wget security update

2017-10-27 11:02:39

amazon

Important: wget

2017-10-26 19:41:00

openvas

Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2017-1269)

2020-01-23 00:00:00

Mageia: Security Advisory (MGASA-2017-0396)

2022-01-28 00:00:00

Fedora Update for wget FEDORA-2017-de8a421dcd

2017-11-23 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0047

2017-11-23 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0046

2017-11-28 00:00:00

Important Photon OS Security Update - PHSA-2017-0087

2017-11-23 00:00:00

redhat

(RHSA-2017:3075) Important: wget security update

2017-10-26 16:09:21

oraclelinux

wget security update

2017-10-26 00:00:00

wget security and bug fix update

2018-11-05 00:00:00

ibm

Security Bulletin: Vulnerabilities in wget affect PowerKVM

2018-06-18 01:39:24

Security Bulletin: IBM Security Access Manager Appliance is affected by vulnerabilities in the wget package (CVE-2017-13090, CVE-2017-13089)

2018-06-16 22:05:42

Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private

2018-07-20 18:56:04

suse

Security update for wget (important)

2017-11-16 15:08:57

Security update for wget (important)

2017-10-28 00:14:14

mageia

Updated wget packages fix security vulnerabilities

2017-10-30 22:23:17

gentoo

GNU Wget: Multiple vulnerabilities

2017-11-11 00:00:00

slackware

[slackware-security] wget

2017-10-27 20:55:58

archlinux

[ASA-201710-34] wget: multiple issues

2017-10-29 00:00:00

cloudfoundry

USN-3464-1: Wget vulnerabilities | Cloud Foundry

2017-11-27 00:00:00

ubuntu

Wget vulnerabilities

2017-10-30 00:00:00

Wget vulnerabilities

2017-10-26 00:00:00

veracode

Arbitrary Code Execution

2019-01-15 09:20:27

Arbitrary Code Execution

2019-05-02 06:37:20

zdt

Wget HTTP integer overflow Exploit

2017-11-27 00:00:00

debiancve

CVE-2017-13089

2017-10-27 19:29:00

CVE-2017-13090

2017-10-27 19:29:00

redhatcve

CVE-2017-13089

2017-10-26 16:19:23

CVE-2017-13090

2017-10-26 16:19:09

seebug

wget HTTP integer overflow(CVE-2017-13089)

2017-11-13 00:00:00

checkpoint_advisories

GNU Wget fd_read_body Heap Buffer Overflow (CVE-2017-13090)

2017-11-16 00:00:00

hackerone

Internet Bug Bounty: CVE-2017-13090 wget heap smash

2017-11-06 09:13:11

Internet Bug Bounty: CVE-2017-13089 wget stack smash

2017-11-06 09:03:49

ubuntucve

CVE-2017-13090

2017-10-26 00:00:00

CVE-2017-13089

2017-10-26 00:00:00

alpinelinux

CVE-2017-13090

2017-10-27 19:29:00

CVE-2017-13089

2017-10-27 19:29:00

K13288506 : Wget vulnerability CVE-2017-13090

2017-11-29 00:00:00

K46552732 : Wget vulnerability CVE-2017-13089

2017-11-29 00:00:00

cve

CVE-2017-13089

2017-10-27 19:29:00

CVE-2017-13090

2017-10-27 19:29:00

prion

Design/Logic Flaw

2017-10-27 19:29:00

Design/Logic Flaw

2017-10-27 19:29:00

freebsd

wget -- Heap overflow in HTTP protocol handling

2017-10-20 00:00:00

wget -- Stack overflow in HTTP protocol handling

2017-10-20 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc