Uploaded image for project: 'FreeNAS / TrueNAS'
  1. FreeNAS / TrueNAS
  2. NAS-101415

Update wget to 1.20.3

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Done (View Workflow)
    • Priority: Low
    • Resolution: Complete
    • Affects Version/s: 11.2-U3
    • Fix Version/s: 11.2-U4
    • Component/s: OS
    • Labels:

      Description

      In FreeNAS 11.2U3 (current), 'pkg audit -F' reports:

      wget-1.19.4_2 is vulnerable:
      wget -- security flaw in caching credentials passed as a part of the URL
      CVE: CVE-2018-20483
      WWW: https://vuxml.FreeBSD.org/freebsd/a737eb11-5cfc-11e9-ab87-8cec4bf8fcfb.html
      
      wget-1.19.4_2 is vulnerable:
      wget -- cookie injection vulnerability
      CVE: CVE-2018-0494
      WWW: https://vuxml.FreeBSD.org/freebsd/7b5a8e3b-52cc-11e8-8c7a-9c5c8e75236a.html

      Looks like you need to update to the newest, 1.20.3:

      http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS 

      Not sure if those CVEs actually affect FreeNAS, but still...

        Attachments

          Attachments

            Activity

              People

              Assignee:
              mav Alexander Motin
              Reporter:
              seanm Sean McBride
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Summary Panel