Updated wget packages fix security vulnerability
Publication date: 28 Sep 2016Modification date: 28 Sep 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-4971 , CVE-2016-7098
Description
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource (CVE-2016-4971). Fixed a potential race condition by creating files with .tmp ext and making them accessible to the current user only (CVE-2016-7098).
References
SRPMS
5/core
- wget-1.15-5.1.mga5