Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

SciLinux: SLSA-2016:2587-2 Moderate wget Security Fix on SL7.x x86_64

Calendar Dec 14, 2016 User Avatar LinuxSecurity Advisories
1 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory moderate security fix wget ftp exploit scilinux
Moderate: wget security and bug fix update 
Date: Wed, 14 Dec 2016 18:06:26 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Scott Reid 
Subject: Security ERRATA Moderate: wget on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20161214180626.15410.20833@slpackages.fnal.gov>

Synopsis: Moderate: wget security and bug fix update
Advisory ID: SLSA-2016:2587-2
Issue Date: 2016-11-03
CVE Numbers: CVE-2016-4971
--

Security Fix(es):

* It was found that wget used a file name provided by the server for the
downloaded file when following an HTTP redirect to a FTP server resource.
This could cause wget to create a file with a different name than
expected, possibly allowing the server to execute arbitrary code on the
client. (CVE-2016-4971)
--

SL7
 x86_64
 wget-1.14-13.el7.x86_64.rpm
 wget-debuginfo-1.14-13.el7.x86_64.rpm

- Scientific Linux Development Team

Related News

Your message here