[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Should we upgrade wget?
- Subject: [cobalt-security] Should we upgrade wget?
- From: "Jelmer Jellema" <lists@xxxxxxxxxxxxxxx>
- Date: Thu, 12 Dec 2002 15:47:58 +0100
- Organization: Spin in het Web (www.spininhetweb.nl)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi,
I just read a message in redhat-announce
(http://rhn.redhat.com/errata/RHSA-2002-229.html) about wget versions <
1.8.2-4.
I did not read anything about this on this list (or I did not pay attention,
which is true either way). The message says:
---------
3. Problem description:
Versions of wget prior to 1.8.2-4 contain a bug that permits a malicious
FTP server to create or overwrite files anywhere on the local file system.
-----
On my RaQ-4, I have wget 1.5.3, right from the wget-1.5.3-6 rpm. So I feel
like just updating the rpm. But because maybe this will break my sun-given
configuration, it might be either a bad, or a very good idea.
Any suggestions?
Regards,
Jelmer