漏洞处理-GNU Wget缓冲区错误漏洞on Ubuntu

问题描述

登录阿里云,看到醒目的红色警报,点开是主机上存在漏洞: GNU Wget缓冲区错误漏洞,给到的参考链接: securitytracker.com显示要升级到版本1.19.2。

升级过程中,遇到了点问题,Google后解决,记录下整个升级步骤。

具体步骤

查看版本

wget -V

显示是GNU Wget 1.17.1 built on linux-gnu.

删掉旧版本:

apt-get remove wget

安装1.19.2或者更高版本,见http://ftp.gnu.org/gnu/wget/, 目前最新版本是1.19.4

wget http://ftp.gnu.org/gnu/wget/wget-1.19.4.tar.gz
tar -zxvf wget-1.19.4.tar.gz
cd wget-1.19.4
./configure --with-ssl=openssl

执行完./configure 后报错:

configure: error: The pkg-config script could not be found or is too old.  Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.

Alternatively, you may set the environment variables XMEDCON_GLIB_CFLAGS
and XMEDCON_GLIB_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.

装pkg-config:

apt-get install -y pkg-config

再次执行:

./configure --with-ssl=openssl

成功的话,会发现最后生成了Makefile:

config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating doc/Makefile
config.status: creating util/Makefile
config.status: creating po/Makefile.in
config.status: creating tests/Makefile
config.status: creating lib/Makefile
config.status: creating testenv/Makefile
config.status: creating tests/certs/interca.conf
config.status: creating tests/certs/rootca.conf
config.status: creating src/config.h
config.status: executing depfiles commands
config.status: executing po-directories commands
config.status: creating po/POTFILES
config.status: creating po/Makefile

此时,执行:

make && make install

查看版本:

wget -V

显示:
GNU Wget 1.19.4 built on linux-gnu.

OK!

参考

GNU Wget缓冲区溢出漏洞

cannot find pkg-config-error