Bug 1064715 - (CVE-2017-13089) VUL-0: CVE-2017-13089: wget: Missing check for negative remaining_chunk_size in skip_short_body causes buffer overflow
(CVE-2017-13089)
VUL-0: CVE-2017-13089: wget: Missing check for negative remaining_chunk_size ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/194011/
CVSSv3:SUSE:CVE-2017-13089:8.8:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-10-23 15:29 UTC by Johannes Segitz
Modified: 2017-11-21 08:13 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2017-10-23 15:29:57 UTC
Created attachment 745522 [details]
Upstream patch

From: NCSC-FI Vulnerability Co-ordination

 * [PATCH 1/2] Fix stack overflow in HTTP protocol handling (CVE-2017-13089)

Both vulnerabilities have RCE potential and they are quite simple to
exploit.

We were contacted by the researchers and agreed to handle the
publication of the patches for the GNU Wget project.
Comment 1 Johannes Segitz 2017-10-23 15:30:27 UTC
CRD: 2017-10-26 12:00 +0000

>= SLE 12 affected
Comment 2 Josef Möllers 2017-10-24 07:51:19 UTC
https://build.suse.de/request/show/144681
Comment 3 Johannes Segitz 2017-10-24 08:27:52 UTC
CRD: 2017-10-26 15:00 +0000
Comment 4 Johannes Segitz 2017-10-27 06:32:40 UTC
public
Comment 5 Swamp Workflow Management 2017-10-27 16:53:45 UTC
SUSE-SU-2017:2871-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1064715,1064716
CVE References: CVE-2017-13089,CVE-2017-13090
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    wget-1.14-21.3.1
Comment 6 Bernhard Wiedemann 2017-10-27 18:01:34 UTC
This is an autogenerated message for OBS integration:
This bug (1064715) was mentioned in
https://build.opensuse.org/request/show/537227 Factory / wget
Comment 7 Andreas Stieger 2017-10-27 18:45:54 UTC
Release for Leap, submitted to Factory. Closing.
Comment 8 Swamp Workflow Management 2017-10-27 22:14:26 UTC
openSUSE-SU-2017:2884-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1064715,1064716
CVE References: CVE-2017-13089,CVE-2017-13090
Sources used:
openSUSE Leap 42.3 (src):    wget-1.14-12.1
openSUSE Leap 42.2 (src):    wget-1.14-8.6.1
Comment 9 Swamp Workflow Management 2017-11-16 14:09:07 UTC
SUSE-SU-2017:2871-2: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1064715,1064716
CVE References: CVE-2017-13089,CVE-2017-13090
Sources used:
SUSE OpenStack Cloud 6 (src):    wget-1.14-21.3.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    wget-1.14-21.3.1
SUSE Linux Enterprise Server 12-SP3 (src):    wget-1.14-21.3.1
SUSE Linux Enterprise Server 12-SP2 (src):    wget-1.14-21.3.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    wget-1.14-21.3.1
SUSE Linux Enterprise Server 12-LTSS (src):    wget-1.14-21.3.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    wget-1.14-21.3.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    wget-1.14-21.3.1
Comment 10 Tristan Ye 2017-11-21 04:24:52 UTC
Dear all, will this vulnerability affect SLES 11SP1?
Comment 11 Andreas Stieger 2017-11-21 08:13:39 UTC
(In reply to Tristan Ye from comment #10)
> Dear all, will this vulnerability affect SLES 11SP1?

https://www.suse.com/de-de/security/cve/CVE-2017-13089/

No.