Mailinglist Archive: opensuse-security (24 mails)

[opensuse-security] Bug in wget: CVE-2014-4877
  • From: Sverre Moe <sverre.moe@xxxxxxxxx>
  • Date: Thu, 30 Oct 2014 10:20:56 +0100
  • Message-id: <CALAJ+5DHPTXGd0TXTSXGM7c6MosX9_2ZROBM-0ZMEL=23X0BqQ@mail.gmail.com>
A new version of wget is out, 1.16

http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html
* Noteworthy changes in Wget 1.16
** No longer create local symbolic links by default. Closes CVE-2014-4877.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4877

https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access

OpenSUSE 13.1 uses wget-1.14
Last changes: Thu May 2 17:50:50 UTC 2013
https://build.opensuse.org/package/show/openSUSE:13.1/wget

OpenSUSE 13.2 uses wget-1.15
Last changes: Sun Jan 19 22:02:25 UTC 2014
https://build.opensuse.org/package/show/openSUSE:13.2/wget

When will we see a fix for wget on OpenSUSE?
I also use some SLES and have not seen any indication that SUSE is on
this either.