Mageia 6: MGASA-2019-0015 Moderate: Wget Credentials Leakage
mageia
January 5, 2019
Since version 1.19 Wget stores the URL and in certain cases the 'Referer' URL within extended attributes (xattrs) of the file system - by default
Summary
Since version 1.19 Wget stores the URL and in certain cases the
'Referer' URL within extended attributes (xattrs) of the file system
- by default.
This includes username + password and other credentials or private data
*if* those have been used within the URLs. Anyone with read access to
those files might also read the xattrs and might use the data.
Wget 1.20.1 or higher will not use xattrs by default any more. To enable
it again you have to use the --xattr option or xattr command for .wgetrc
files. (CVE-2018-20483)
References
- https://bugs.mageia.org/show_bug.cgi?id=24109
- https://www.openwall.com/lists/oss-security/2019/01/01/1
- https://www.cve.org/CVERecord?id=CVE-2018-20483
Topics Covered
Resolution
SRPMS
- 6/core/wget-1.20.1-1.mga6
PREVIOUS
NEXT
Publication date: 05 Jan 2019
URL: https://advisories.mageia.org/MGASA-2019-0015.html
Type: security
CVE: CVE-2018-20483
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!