[NAS-101415] Update wget to 1.20.3 - iX - Bug Tracker (Jira)

XML

Word

Printable

Details

Type: Improvement
Status: Done (View Workflow)
Priority: Low
Resolution: Complete
Affects Version/s: 11.2-U3
Fix Version/s: 11.2-U4
Component/s: OS
Labels:
- security

Epic Link:
Updated software in TrueNAS 11.2-U5

Description

In FreeNAS 11.2U3 (current), 'pkg audit -F' reports:

wget-1.19.4_2 is vulnerable:
wget -- security flaw in caching credentials passed as a part of the URL
CVE: CVE-2018-20483
WWW: https://vuxml.FreeBSD.org/freebsd/a737eb11-5cfc-11e9-ab87-8cec4bf8fcfb.html

wget-1.19.4_2 is vulnerable:
wget -- cookie injection vulnerability
CVE: CVE-2018-0494
WWW: https://vuxml.FreeBSD.org/freebsd/7b5a8e3b-52cc-11e8-8c7a-9c5c8e75236a.html

Looks like you need to update to the newest, 1.20.3:

http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS

Not sure if those CVEs actually affect FreeNAS, but still...

Adobe XD

Share XD links and collaborate with your team. Learn more |Send feedback

Loading...

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

wget.png
5 kB
23/Apr/19 10:03 AM

Attachments

JEditor

Activity

People

Assignee:: Alexander Motin

Reporter:: Sean McBride

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 12/Apr/19 6:16 PM

Updated:: 03/Jul/19 5:28 PM

Resolved:: 01/May/19 9:35 AM