Advisories ยป MGASA-2018-0244

Updated wget packages fix security vulnerabilities

Publication date: 16 May 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-0494

Description

Harry Sintonen discovered that wget does not properly handle '\r\n' from
continuation lines while parsing the Set-Cookie HTTP header. A malicious
web server could use this flaw to inject arbitrary cookies to the cookie
jar file, adding new or replacing existing cookie values (CVE-2018-0494).

The Mageia 6 package has been updated to version 1.19.5, which fixes this
issue as well as other possible security issues found by fuzzing.  The
Mageia 5 package has been patched to fix CVE-2018-0494.
                

References

SRPMS

6/core

5/core