Critical vulnerability in pre-1.16 versions of wget fixed

Antivirus, forensics, intrusion detection, cryptography, etc.
Message
Author
darry1966

#31 Post by darry1966 »

To anyone reading this it is a good idea to test puppy package manager after the upgrade, as it uses wget for part of the process of downloading packages from the net.

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#32 Post by greengeek »

Has anybody successfully updated the wget in Slacko 5.6? I tried the pet in first post ("tested in slacko 5.7 only") and it breaks my PPM in Slacko5.6 (some issue with looking for a perl lib)

User avatar
Semme
Posts: 8399
Joined: Sun 07 Aug 2011, 20:07
Location: World_Hub

#33 Post by Semme »

5.6 draws from Slack-14, correct? I'm guessing this *patched version* should be in your PPM..

Yes GG, addressed >> http://www.murga-linux.com/puppy/viewto ... 172#806172
>>> Living with the immediacy of death helps you sort out your priorities. It helps you live a life less trivial <<<

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#34 Post by 8Geee »

Sorry for being VERY late, but I recently noticed a small issue in slacko 5.7-nonpae puppy. I installed the pet, and before S/D checked that it did install, which did happen. Unfortunately, on reboot, there was one missing dependency

libpcre.so.1

Not to worry, a rename during the copy of the symlink seems to have solved.

NOTE if you have installed the pet run wget --version
If it still indicates 1.14 then do the proceedure below
disregarding "BEFORE...."

BEFORE applying the wget upgrade

1.) Open Rox and navigate to /usr/lib and find the symlink named libpcre.so

2.) Right-Click and select COPY

3.) EDIT the name to libpcre.so.1

4.) OK


Not sure if its a "me" problem or general. Posted JIC.
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#35 Post by greengeek »

Semme wrote:5.6 draws from Slack-14, correct? I'm guessing this *patched version* should be in your PPM..Yes GG, addressed >> http://www.murga-linux.com/puppy/viewto ... 172#806172
Hi Semme - I'm confused about those updates - they look like they are v 1.14 which I already had prior to updating to v1.16

Turns out 8Geee has put his finger on the perl issue that is stopping v1.16 wget running on my system:
8Geee wrote: libpcre.so.1

Not to worry, a rename during the copy of the symlink seems to have solved.
1.) Open Rox and navigate to /usr/lib and find the symlink named libpcre.so

2.) Right-Click and select COPY

3.) EDIT the name to libpcre.so.1
Thanks 8Geee - solved my problem too (on Slacko 5.6)

User avatar
Semme
Posts: 8399
Joined: Sun 07 Aug 2011, 20:07
Location: World_Hub

#36 Post by Semme »

Because current binaries are usually paired with newer libs, upgrades aren't always practical. Hence, we patch.

http://www.slackware.com/security/viewe ... ity.493450

Think I'd steer you wrong? Of course not! It's these *packagers* you've gotta watch out for..
>>> Living with the immediacy of death helps you sort out your priorities. It helps you live a life less trivial <<<

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#37 Post by greengeek »

Semme wrote:Because current binaries are usually paired with newer libs, upgrades aren't always practical. Hence, we patch.
Think I'd steer you wrong? Of course not! It's these *packagers* you've gotta watch out for..
Aaahh, ok, I think I understand now - whack! whack! slap, slap, faceplant, slap! Look for patches not necessarily upgrades. Whack! Whack!
Right - I've got it now.
Thx!
:-)

Post Reply