-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:212
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : wget
Date : October 29, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated wget package fixes security vulnerability:
Wget was susceptible to a symlink attack which could create arbitrary
files, directories or symbolic links and set their permissions when
retrieving a directory recursively through FTP (CVE-2014-4877).
The default settings in wget have been changed such that wget no longer
creates local symbolic links, but rather traverses them and retrieves
the pointed-to file in such a retrieval. The old behaviour can be
attained by passing the --retr-symlinks=no option to the wget co