WGET?

Asked by john

I tried using AskUbuntu but the TAG would not let me submit anything.
What is with the TAGs limiting query issues?
---------------------
My problem:
I am running Ubuntu 12.4
Today I got an update to WGET.
When I ran "wget -V" I got:
GNU Wget 1.13.4 built on linux-gnu.
How can this be?

With the news:
"Wget versions prior to 1.16 are vulnerable to a symlink attack (CVE-2014-4877) when running in recursive mode with a FTP target,"

All documentation indicates that one should upgrade to wget 1.16.
Why is the update so out of date?

Question information

Language: English
Status: Solved
For: Ubuntu
Assignee: No assignee
Solved by: Manfred Hampl

Best Manfred Hampl (m-hampl) said :
#1

You have to understand the Ubuntu release philosophy.
The packages in older Ubuntu releases are usually not upgraded to higher versions, but in case of a security vulnerability the older versions are patched.

From http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4877.html you can see that the CVE-2014-4877 problem was already solved in all supported Ubuntu releases.

If the terminal command

dpkg -l | grep wget

shows 1.13.4-2ubuntu1.2 or higher, then you can be sure that you have a patched version. If not, please start update-manager to install the updated version.

john (j-ubuntu-one) said :
#2

Thanks Manfred Hampl, that solved my question.