Updated wget packages fix security vulnerability
Publication date: 05 Jan 2019Modification date: 05 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-20483
Description
Since version 1.19 Wget stores the URL and in certain cases the 'Referer' URL within extended attributes (xattrs) of the file system - by default. This includes username + password and other credentials or private data *if* those have been used within the URLs. Anyone with read access to those files might also read the xattrs and might use the data. Wget 1.20.1 or higher will not use xattrs by default any more. To enable it again you have to use the --xattr option or xattr command for .wgetrc files. (CVE-2018-20483)
References
SRPMS
6/core
- wget-1.20.1-1.mga6