Scientific Linux SL6.x & SL7.x: SLSA-2014:1764-1 Moderate wget Threat

Nov 03, 2014 •

LinuxSecurity Advisories

1 - 2 min read

Scientific Large Esm H500

Topics Covered

security advisory update code execution moderate severity wget ftp issue scientific linux

Moderate: wget security update

Date: Mon, 3 Nov 2014 17:52:32 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: wget on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: wget security update
Advisory ID: SLSA-2014:1764-1
Issue Date: 2014-10-30
CVE Numbers: CVE-2014-4877
--

A flaw was found in the way Wget handled symbolic links. A malicious FTP
server could allow Wget running in the mirror mode (using the '-m' command
line option) to write an arbitrary file to a location writable to by the
user running Wget, possibly leading to code execution. (CVE-2014-4877)

Note: This update changes the default value of the --retr-symlinks option.
The file symbolic links are now traversed by default and pointed-to files
are retrieved rather than creating a symbolic link locally.
--

SL6
 x86_64
 wget-1.12-5.el6_6.1.x86_64.rpm
 wget-debuginfo-1.12-5.el6_6.1.x86_64.rpm
 i386
 wget-1.12-5.el6_6.1.i686.rpm
 wget-debuginfo-1.12-5.el6_6.1.i686.rpm
SL7
 x86_64
 wget-1.14-10.el7_0.1.x86_64.rpm
 wget-debuginfo-1.14-10.el7_0.1.x86_64.rpm

- Scientific Linux Development Team

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here