==========================================================================
Ubuntu Security Notice USN-3464-2
October 30, 2017

wget vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Wget.

Software Description:
– wget: retrieves files from the web

Details:

USN-3464-1 fixed several vulnerabilities in Wget. This update
provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Antti Levomäki, Christian Jalio, and Joonas Pihlaja discovered that
 Wget incorrectly handled certain HTTP responses. A remote attacker
 could use this issue to cause Wget to crash, resulting in a denial of
 service, or possibly execute arbitrary code. 
 (CVE-2017-13089, CVE 2017-13090)

 Dawid Golunski discovered that Wget incorrectly handled recursive or
 mirroring mode. A remote attacker could possibly use this issue to
 bypass intended access list restrictions. (CVE-2016-7098)

 Orange Tsai discovered that Wget incorrectly handled CRLF sequences in
 HTTP headers. A remote attacker could possibly use this issue to
 inject arbitrary HTTP headers. (CVE-2017-6508)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  wget                            1.13.4-2ubuntu1.5

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3464-2
  https://www.ubuntu.com/usn/usn-3464-1
  CVE-2016-7098, CVE-2017-13089, CVE-2017-13090, CVE-2017-6508
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJZ9zBCAAoJEEW851uECx9pXWwQAKSluxvy/eyhKt2LqdP5BWV8
neLVpXYDgJraKg2qxElhIxOtH1CZTpOHNf+RKxfOkk0FQr+uM8docVMs4CbTLAeU
1GpdQ7LORJhZqOXsZqCYoLLyeCKHzwojJBX4CFhkVqTP8FqNP1eRlAEKvz07iXbZ
mpe66CxGueC+oh8bF3UhZ/gZ69hqRWcSbequSkcxDS02wxGSx1Cd1cz7gFjsvyiQ
5UhiJDBPxFn4XaVDFOBzwN9xIsVKjN7/1TteP9O6Y2LkE2hPdRkuDIk4CCl7pL95
LgxS7jimsBd9qD4IcnxxerMCrnGPjANq8a0WfBVJNBIv5TvqzfADOuMPuWydFboI
/KkD0ODcA+z73YPLxVwganin+63eOQc27cu82/du6SjFRYTbXT1Dsd+WnUU3fNLA
x9wVdolm5J4x5JlkM7FfJSuBTbQeu5SNV8Jy/1fITInf0+MEVPlQ/x5Rwj+91Znq
zXHopHdLX738oGegW4A4DGk7LYA0m8VVO1Z0DaqawYPPt1r1kIiRJ2cPda9Z30d9
eLnQpUjGu0jf5YJzfgCPrsgMt2sMO88ffTJRDcVJ3kFxJ8/UOTWqBccNxBPNzOjO
avS5quElpSVcMd+6X2xyHj1mc5VrUvCiG5x+FKUMSDQsQCn/sNNYsue0cTLBlDSH
/ruCIvNcrfmtbAXR1tAF
=fmfp
—–END PGP SIGNATURE—–
—