DLA 82-1: wget security update

Debian 9897 Published 2014-11-04 06:59 by Philipp Esselbach

News

A wget security update has been released for Debian 6 LTS

Package : wget
Version : 1.12-2.1+deb6u1
CVE ID : CVE-2014-4877

HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line
utility to retrieve files via HTTP, HTTPS, and FTP. The vulnerability
allows to create arbitrary files on the user's system when Wget runs in
recursive mode against a malicious FTP server. Arbitrary file creation
may override content of user's files or permit remote code execution with
the user privilege.

This update changes the default setting in Wget such that it no longer
creates local symbolic links, but rather traverses them and retrieves the
pointed-to file in such a retrieval.

4 Slackware Updates

Apple Seeds First OS X 10.10.1 Yosemite Beta to Developers

Windows

Software 42293
Winpilot 3.5.2 released
2024-04-19 05:31 by Philipp Esselbach
Drivers 2878
NVIDIA GeForce Game Ready Driver 552.22 released
2024-04-16 18:48 by Philipp Esselbach
Press Release 841
A new Mini-ITX case from Sharkoon for High-End Hardware
2024-04-16 16:21 by Philipp Esselbach

Linux

Debian 9897
Liquorix Linux Kernel 6.8-8 released
2024-04-19 18:21 by Philipp Esselbach
Software 42293
AM 6.6.1 released
2024-04-19 18:20 by Philipp Esselbach
Software 42293
Winpilot 3.6.0 released
2024-04-19 18:18 by Philipp Esselbach

macOS

Apple 10154
tvOS 17.5 Beta 2 released
2024-04-17 07:22 by Philipp Esselbach
Apple 10154
macOS Sonoma 14.5 Beta 2 released
2024-04-17 07:22 by Philipp Esselbach
Apple 10154
iOS 17.5 and iPadOS 17.5 Beta 2 released
2024-04-17 07:22 by Philipp Esselbach

Community

dhamu
Hello Phil, I have a Linux Tutorial website that curre ...
StephanX
Hi friends, i am new in the Linux universe but i try to ...
Philipp
I would try the XanMod kernel: https://xanmod.org I ...