Advisories » MGASA-2024-0240

Updated wget packages fix security vulnerability

Publication date: 27 Jun 2024
Modification date: 27 Jun 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-38428

Description

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo
subcomponent of a URI, and thus there may be insecure behavior in which
data that was supposed to be in the userinfo subcomponent is
misinterpreted to be part of the host subcomponent. (CVE-2024-38428)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33327
• https://lists.suse.com/pipermail/sle-updates/2024-June/035703.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38428

SRPMS

9/core

• wget-1.21.4-1.1.mga9