Advisories ยป MGASA-2019-0015

Updated wget packages fix security vulnerability

Publication date: 05 Jan 2019
Modification date: 05 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-20483

Description

Since version 1.19 Wget stores the URL and in certain cases the
'Referer' URL within extended attributes (xattrs) of the file system
- by default.
This includes username + password and other credentials or private data
*if* those have been used within the URLs. Anyone with read access to
those files might also read the xattrs and might use the data.
Wget 1.20.1 or higher will not use xattrs by default any more. To enable
it again you have to use the --xattr option or xattr command for .wgetrc
files. (CVE-2018-20483)
                

References

SRPMS

6/core