Closed brianjking closed 8 years ago
Patching wget should be possible the same way it is on native Ubuntu. It's interesting that the updated version of wget isn't coming down via apt-get dist-upgrade but I double checked and I see the same behavior on native Ubuntu 14.04.
@benhillis
bk@BLACKBOX /mnt/c/Users/brian sudo apt show wget
Package: wget
Priority: standard
Section: web
Installed-Size: 651 kB
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Noël Köthe <noel@debian.org>
Version: 1.15-1ubuntu1.14.04.2
Depends: libc6 (>= 2.17), libidn11 (>= 1.13), libssl1.0.0 (>= 1.0.0), libuuid1 (>= 2.16), zlib1g (>= 1:1.1.4)
Recommends: ca-certificates
Conflicts: wget-ssl
Download-Size: 271 kB
Homepage: http://www.gnu.org/software/wget/
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Origin: Ubuntu
Supported: 5y
Task: standard, kubuntu-active, kubuntu-active, mythbuntu-frontend, mythbuntu-desktop, mythbuntu-backend-slave, mythbuntu-backend-slave, mythbuntu-backend-master, mythbuntu-backend-master
APT-Manual-Installed: yes
APT-Sources: http://archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
Description: retrieves files from the web
Wget is a network utility to retrieve files from the web
using HTTP(S) and FTP, the two most widely used internet
protocols. It works non-interactively, so it will work in
the background, after having logged off. The program supports
recursive retrieval of web-authoring pages as well as FTP
sites -- you can use Wget to make mirrors of archives and
home pages or to travel the web like a WWW robot.
.
Wget works particularly well with slow or unstable connections
by continuing to retrieve a document until the document is fully
downloaded. Re-getting files from where it left off works on
servers (both HTTP and FTP) that support it. Both HTTP and FTP
retrievals can be time stamped, so Wget can see if the remote
file has changed since the last retrieval and automatically
retrieve the new version if it has.
.
Wget supports proxy servers; this can lighten the network load,
speed up retrieval, and provide access behind firewalls.
N: There is 1 additional record. Please use the '-a' switch to see it
I wonder if it's an issue with wget-ssl
?
I don't have an actual native Ubuntu 14.x VM to test on, just Ubuntu 16.x which is already patched properly.
Based on the links you provided in your original post 1.15-1ubuntu1.14.04.2 is the correct patched version for 14.04.
We handle updates to the subsystem through our users running apt or apt-get. It looks to me like the package is getting correctly updated, but please reopen if I'm missing something.
Thank you for reporting this.
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4971.html http://www.ubuntu.com/usn/usn-3012-1/