Support Content Notification - Support Portal

USN-6852-1: Wget vulnerability

Product/Component

Notification Id

24757

Last Updated

22 August 2024

Initial Publication Date

22 August 2024

Status

CLOSED

Severity

MEDIUM

CVSS Base Score

WorkAround

Affected CVE

CVE-2024-38428

Severity

medium

Vendor

VMware Tanzu

Versions Affected

Canonical Ubuntu 22.04
Cflinuxfs4
Operations Manager Image 3.0.x

Description

It was discovered that Wget incorrectly handled semicolons in the userinfo subcomponent of a URI. A remote attacker could possibly trick a user into connecting to a different host than expected. Update Instructions: Run `sudo pro fix USN-6852-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: wget - 1.20.3-1ubuntu2.1 No subscription required.

Fixed VMware Products and Versions

Cflinuxfs4

1.99.0 or greater

Jammy Stemcells

1.486 or greater

References

https://ubuntu.com/security/notices/USN-6852-1

https://www.cloudfoundry.org/blog/usn-6852-1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6852-1

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24757

History

2024-06-26: Initial vulnerability report published.