Advisories » MGASA-2024-0378

Updated wget packages fix security vulnerability

Publication date: 27 Nov 2024
Modification date: 27 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-10524

Description

Applications that use Wget to access a remote resource using shorthand
URLs and pass arbitrary user credentials in the URL are vulnerable. In
these cases attackers can enter crafted credentials which will cause
Wget to access an arbitrary host. (CVE-2024-10524)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33780
• https://www.openwall.com/lists/oss-security/2024/11/18/6
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10524

SRPMS

9/core

• wget-1.21.4-1.2.mga9