Amazon Linux 1 Security Advisory: ALAS-2017-916
Advisory Release Date: 2017-10-26 19:41 Pacific
Advisory Updated Date: 2017-10-26 23:12 Pacific
Heap-based buffer overflow in HTTP protocol handling
A heap-based buffer overflow, when processing chunked encoded HTTP responses, was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. (CVE-2017-13090)
Stack-based buffer overflow in HTTP protocol handling
A stack-based buffer overflow when processing chunked, encoded HTTP responses was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. (CVE-2017-13089)
Affected Packages:
wget
Issue Correction:
Run yum update wget to update your system.
i686:
wget-debuginfo-1.18-3.28.amzn1.i686
wget-1.18-3.28.amzn1.i686
src:
wget-1.18-3.28.amzn1.src
x86_64:
wget-1.18-3.28.amzn1.x86_64
wget-debuginfo-1.18-3.28.amzn1.x86_64