ALAS-2017-916


Amazon Linux AMI Security Advisory: ALAS-2017-916
Advisory Release Date: 2017-10-26 23:12 Pacific
Severity: Important

Issue Overview:

Heap-based buffer overflow in HTTP protocol handling
A heap-based buffer overflow, when processing chunked encoded HTTP responses, was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. (CVE-2017-13090 )

Stack-based buffer overflow in HTTP protocol handling
A stack-based buffer overflow when processing chunked, encoded HTTP responses was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. (CVE-2017-13089 )


Affected Packages:

wget


Issue Correction:
Run yum update wget to update your system.

New Packages:
i686:
    wget-debuginfo-1.18-3.28.amzn1.i686
    wget-1.18-3.28.amzn1.i686

src:
    wget-1.18-3.28.amzn1.src

x86_64:
    wget-1.18-3.28.amzn1.x86_64
    wget-debuginfo-1.18-3.28.amzn1.x86_64