USN-982-1: Wget vulnerability

Ubuntu Security Notice USN-982-1

2nd September, 2010

wget vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 9.04
  • Ubuntu 8.04 LTS
  • Ubuntu 6.06 LTS

Software description

  • wget


It was discovered that Wget would use filenames provided by the server when
following 3xx redirects. If a user or automated system were tricked into
downloading a file from a malicious site, a remote attacker could create
the file with an arbitrary name (e.g. .wgetrc), and possibly run arbitrary

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:
wget 1.12-1.1ubuntu2.1
Ubuntu 9.10:
wget 1.11.4-2ubuntu2.1
Ubuntu 9.04:
wget 1.11.4-2ubuntu1.2
Ubuntu 8.04 LTS:
wget 1.10.2-3ubuntu1.2
Ubuntu 6.06 LTS:
wget 1.10.2-1ubuntu1.2

To update your system, please follow these instructions:

In general, a standard system update will make all the necessary changes.

ATTENTION: This update changes previous behaviour by ignoring the filename
supplied by the server during redirects. To re-enable previous behaviour,
use the new --trust-server-names option.