[ MDVSA-2014:212 ] wget

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:212
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : wget
 Date    : October 29, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated wget package fixes security vulnerability:
 
 Wget was susceptible to a symlink attack which could create arbitrary
 files, directories or symbolic links and set their permissions when
 retrieving a directory recursively through FTP (CVE-2014-4877).
 
 The default settings in wget have been changed such that wget no longer
 creates local symbolic links, but rather traverses them and retrieves
 the pointed-to file in such a retrieval. The old behaviour can be
 attained by passing the --retr-symlinks=no option to the wget co

007 Software

[ MDVSA-2014:212 ] wget

Leave a Reply Cancel reply

Software and Security Information