Oval Definition:oval:com.redhat.rhsa:def:20091549
Revision Date:2009-11-03Version:635
Title:RHSA-2009:1549: wget security update (Moderate)
Description:GNU Wget is a file retrieval utility that can use HTTP, HTTPS, and FTP.

  • Daniel Stenberg reported that Wget is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Wget into accepting it by mistake. (CVE-2009-3490)

    Wget users should upgrade to this updated package, which contains a backported patch to correct this issue.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2009-3490
    RHSA-2009:1549
    RHSA-2009:1549-01
    RHSA-2009:1549-01
    Platform(s):Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND wget is earlier than 0:1.10.2-0.30E.1
  • AND wget is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND wget is earlier than 0:1.10.2-1.el4_8.1
  • AND wget is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND wget is earlier than 0:1.11.4-2.el5_4.1
  • AND wget is signed with Red Hat redhatrelease key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND wget is earlier than 0:1.10.2-0.30E.1
  • AND wget is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND wget is earlier than 0:1.10.2-1.el4_8.1
  • AND wget is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND wget is earlier than 0:1.11.4-2.el5_4.1
  • AND wget is signed with Red Hat redhatrelease key
    • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND wget is earlier than 0:1.10.2-1.el4_8.1
  • AND wget is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND wget is earlier than 0:1.11.4-2.el5_4.1
  • AND wget is signed with Red Hat redhatrelease2 key
    • BACK