Critical vulnerability in pre-1.16 versions of wget fixed
Re: Critical vulnerability in pre-1.16 versions of wget fixed
Does this version of wget in Puppy Linux 4 and Wary etc????????l0wt3ch wrote:Critical vulnerability discovered in wget. New, fixed, verson, tested on Slacko 5.7:
wget-1.16
Last edited by darry1966 on Fri 31 Oct 2014, 23:55, edited 1 time in total.
l0wt3ch, while the updated build is appreciated, the announcement belongs in our security forum.
Lucid, Precise *patched* versions here >> https://launchpad.net/ubuntu/+source/wget
Slacko >> http://slackware.cs.utah.edu/pub/slackw ... s/packages
Lucid, Precise *patched* versions here >> https://launchpad.net/ubuntu/+source/wget
Slacko >> http://slackware.cs.utah.edu/pub/slackw ... s/packages
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/wget-1.14-i486-3_slack14.1.txz: Rebuilt.
This update fixes a symlink vulnerability that could allow an attacker
to write outside of the expected directory.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2014-4877
(* Security fix *)
+--------------------------+
>>> Living with the immediacy of death helps you sort out your priorities. It helps you live a life less trivial <<<
Oops!Semme wrote:l0wt3ch, while the updated build is appreciated, the announcement belongs in our security forum.
Thanks for this l0wt3ch,
It does not seem to work in Precise 5.7.2:
It is also much bigger than the installed wget 1.13.4. (362k installed) Probably because all locales and the manual are included.
PPM does not find libgnutls.so.28. Pfind says libgnutl.so.26 is installed.
A search on the net was quickly ended, I started to drown in a morass of complexity and extra dependencies.
A guru will be needed
It does not seem to work in Precise 5.7.2:
Code: Select all
wget: error while loading shared libraries: libgnutls.so.28: cannot open shared object file: No such file or directory
PPM does not find libgnutls.so.28. Pfind says libgnutl.so.26 is installed.
A search on the net was quickly ended, I started to drown in a morass of complexity and extra dependencies.
A guru will be needed
[url=http://pupsearch.weebly.com/][img]http://pupsearch.weebly.com/uploads/7/4/6/4/7464374/125791.gif[/img][/url]
[url=https://startpage.com/do/search?q=host%3Awww.murga-linux.com%2F][img]http://i.imgur.com/XJ9Tqc7.png[/img][/url]
[url=https://startpage.com/do/search?q=host%3Awww.murga-linux.com%2F][img]http://i.imgur.com/XJ9Tqc7.png[/img][/url]
l0wt3ch
I have the tar.gz release from gnu org.
Are there any "directory" mods needed to the gnu org release? If there are many, ya don't have to list them... I was about to install to usr/bin as a test.
Where does the pet install?
I have the tar.gz release from gnu org.
Are there any "directory" mods needed to the gnu org release? If there are many, ya don't have to list them... I was about to install to usr/bin as a test.
Where does the pet install?
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
"Zuckerberg: a large city inhabited by mentally challenged people."
Here..
- Attachments
-
- install_dirs.txt.gz
- (1.04 KiB) Downloaded 443 times
>>> Living with the immediacy of death helps you sort out your priorities. It helps you live a life less trivial <<<
- Dingo
- Posts: 1437
- Joined: Tue 11 Dec 2007, 17:48
- Location: somewhere at the end of rainbow...
- Contact:
wget 1.16 for puppy 3.01
wget 1.16 for puppy 3.01
wget-1.16-i486.pet for puppy 3.01
- compressed with upx (273 KB)
- without nls
wget-1.16-i486.pet for puppy 3.01
- compressed with upx (273 KB)
- without nls
Code: Select all
GNU Wget 1.16 built on linux-gnu.
+digest +https +ipv6 +iri +large-file -nls -ntlm +opie -psl +ssl/gnutls
Wgetrc:
/root/.wgetrc (user)
/usr/etc/wgetrc (system)
Compile:
gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/usr/etc/wgetrc"
-DLOCALEDIR="/usr/share/locale" -I. -I../lib -I../lib -g -O2
Link:
gcc -g -O2 /usr/lib/libgnutls.so /usr/lib/libgcrypt.so
/usr/lib/libgpg-error.so /usr/lib/libz.a /usr/lib/libnsl.so -lz
-lidn -luuid -lpcre -lrt ftp-opie.o gnutls.o ../lib/libgnu.a
replace .co.cc with .info to get access to stuff I posted in forum
dropbox 2GB free
OpenOffice for Puppy Linux
dropbox 2GB free
OpenOffice for Puppy Linux
Re: wget 1.16 for puppy 3.01
Thanks mirrored here: http://sourceforge.net/projects/puppyli ... rce=navbarDingo wrote:wget 1.16 for puppy 3.01
wget-1.16-i486.pet for puppy 3.01
- compressed with upx (273 KB)
- without nlsCode: Select all
GNU Wget 1.16 built on linux-gnu. +digest +https +ipv6 +iri +large-file -nls -ntlm +opie -psl +ssl/gnutls Wgetrc: /root/.wgetrc (user) /usr/etc/wgetrc (system) Compile: gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/usr/etc/wgetrc" -DLOCALEDIR="/usr/share/locale" -I. -I../lib -I../lib -g -O2 Link: gcc -g -O2 /usr/lib/libgnutls.so /usr/lib/libgcrypt.so /usr/lib/libgpg-error.so /usr/lib/libz.a /usr/lib/libnsl.so -lz -lidn -luuid -lpcre -lrt ftp-opie.o gnutls.o ../lib/libgnu.a
wget-1.16-p4-i486.pet
Download:
https://copy.com/7BTNjoEgKhZNL9rI
wget-1.16-w5-i486.pet
Download:
https://copy.com/H3LOm2gOh4MAYP86
I could not compile with ssl in wary: errors. If someone can better do the job he is invited to share the pets. Is openssl needed as configure option compiling wget?
Code: Select all
./configure --prefix=/usr --sysconfdir=/etc --with-ssl=openssl
https://copy.com/7BTNjoEgKhZNL9rI
wget-1.16-w5-i486.pet
Code: Select all
./configure --prefix=/usr --sysconfdir=/etc --without-ssl
https://copy.com/H3LOm2gOh4MAYP86
I could not compile with ssl in wary: errors. If someone can better do the job he is invited to share the pets. Is openssl needed as configure option compiling wget?
Compiled in dpup 487:
wget-1.16-i486-dpup487.pet
wget-1.16-i486-dpup487.pet
puppy.b0x.me stuff mirrored [url=https://drive.google.com/open?id=0B_Mb589v0iCXNnhSZWRwd3R2UWs]HERE[/url] or [url=http://archive.org/details/Puppy_Linux_puppy.b0x.me_mirror]HERE[/url]
- OscarTalks
- Posts: 2196
- Joined: Mon 06 Feb 2012, 00:58
- Location: London, England
Confirmed that in Racy 5.5 I get an error if I try to configure it with openssl, but if I upgrade openssl to version 1.0.1jwatchdog wrote:I could not compile with ssl in wary: errors
Code: Select all
./config --prefix=/usr --openssldir=/etc/ssl shared
Code: Select all
./configure --prefix=/usr --sysconfdir=/etc --build=i486-t2-linux-gnu --disable-nls --disable-debug --with-ssl=openssl --with-openssl=auto
Oscar in England