Scientific Linux Security Update : wget on SL6.x, SL7.x i386/x86_64 (20141030)
A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in the mirror mode using the '-m' command line option to write an arbitrary file to a location writable to by the user running Wget, possibly leading to code execution. CVE-2014-4877 Note: Thi...