Advisories » MGASA-2016-0323

Updated wget packages fix security vulnerability

Publication date: 28 Sep 2016
Modification date: 28 Sep 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-4971 , CVE-2016-7098

Description

GNU wget before 1.18 allows remote servers to write to arbitrary files by
redirecting a request from HTTP to a crafted FTP resource (CVE-2016-4971).

Fixed a potential race condition by creating files with .tmp ext and
making them accessible to the current user only (CVE-2016-7098).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18671
• http://www.ubuntu.com/usn/usn-3012-1
• https://lists.opensuse.org/opensuse-updates/2016-09/msg00044.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4971
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7098

SRPMS

5/core

• wget-1.15-5.1.mga5