This repository has been archived by the owner on Mar 16, 2022. It is now read-only.

1.280.0

@cf-buildpacks-eng cf-buildpacks-eng released this 09 Apr 20:01
· 6 commits to master since this release

Notably, this release addresses:

USN-3943-1: Wget vulnerabilities:

  • CVE-2018-20483: set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.
  • CVE-2019-5953: Buffer overflow vulnerability
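
Files fetched before the wget update keep whatever the old binary wrote, so an audit of existing downloads is still useful after upgrading. The following is an added example, not part of the release or of wget: a Linux-only Python audit that walks a directory, reads the two attributes named in CVE-2018-20483, and reports a redacted URL. The function names and the choice to also flag query strings are assumptions of this example.

```python
import os
import sys
from urllib.parse import urlsplit

# Attribute names taken from the CVE-2018-20483 description above.
ATTRS = ("user.xdg.origin.url", "user.xdg.referrer.url")

def inspect(raw: bytes):
    """Return (has_secret, redacted_url) for one stored attribute value."""
    try:
        p = urlsplit(raw.decode("utf-8", "replace"))
        host = p.hostname or ""
        if p.port:
            host += f":{p.port}"
    except ValueError:
        return True, "<unparseable>"  # malformed value: review it by hand
    # Userinfo is the case the CVE names; flagging query strings as well
    # (they often carry tokens) is an assumption of this example.
    has_secret = bool(p.username or p.password or p.query)
    return has_secret, f"{p.scheme}://{host}{p.path}"

def scan(root: str):
    """Yield (path, attr, has_secret, redacted_url) for tagged files under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            for attr in ATTRS:
                try:
                    raw = os.getxattr(path, attr, follow_symlinks=False)
                except OSError:
                    continue  # attribute absent, or xattrs unsupported here
                yield (path, attr, *inspect(raw))

def strip(path: str) -> None:
    """Remove both attributes from one file, ignoring those not present."""
    for attr in ATTRS:
        try:
            os.removexattr(path, attr, follow_symlinks=False)
        except OSError:
            pass

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, attr, secret, url in scan(root):
        print(f"{'SECRET' if secret else 'info  '} {path} {attr}={url}")
```

The report prints only scheme, host and path, so the audit output does not itself repeat the credential; call `strip(path)` on flagged files once they have been reviewed.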
-ii  libudev1:amd64 204-5ubuntu20.29      amd64  libudev shared library
+ii  libudev1:amd64 204-5ubuntu20.31      amd64  libudev shared library
-ii  udev           204-5ubuntu20.29      amd64  /dev/ and hotplug management daemon
+ii  udev           204-5ubuntu20.31      amd64  /dev/ and hotplug management daemon
-ii  wget           1.15-1ubuntu1.14.04.4 amd64  retrieves files from the web
+ii  wget           1.15-1ubuntu1.14.04.5 amd64  retrieves files from the web
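
Review bot: the libudev1 and udev bumps from 204-5ubuntu20.29 to 204-5ubuntu20.31 have no matching entry in the notes above, which cite only USN-3943-1 for wget. Name the advisory or update behind the udev change in the release text so consumers can tell whether it is security-relevant for them.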