wget security update

An update is available for wget. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, a...

RLSA-2024:5299 Moderate: wget security update

The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input may lead to improper behavior CVE-2024-38428 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...

[SECURITY] [DLA 4133-1] wget security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4133-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk April 21, 2025 https://wiki.debian.org/LTS -...

SUSE-SU-2025:0366-1 Security update for wget

This update for wget fixes the following issues: - CVE-2021-31879: Authorization header disclosed upon redirects to different origins. bsc1185551...

SUSE-SU-2025:20010-1 Security update for wget

This update for wget fixes the following issues: - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. bsc1226419 - Update to GNU wget 1.24.5: Fix how subdomain matches are checked for HSTS. Wget will now also parse the srcset attribute in HTML tags Support reading...

SUSE-SU-2024:4138-1 Security update for wget

This update for wget fixes the following issues: - CVE-2024-10524: Fixed SSRF via shorthand HTTP URL bsc1233773...

MGASA-2024-0378 Updated wget packages fix security vulnerability

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. CVE-2024-10524...

[SECURITY] [DLA 2086-1] wget security update

Package : wget Version : 1.16-1+deb8u7 CVE ID : CVE-2016-7098 An issue has been found in wget, a tool to retrieve files from the web. A race condition might occur as files rejected by an access list are kept on the disk for the duration of a HTTP connection. For Debian 8 "Jessie", this problem ha...

MGASA-2019-0015 Updated wget packages fix security vulnerability

Since version 1.19 Wget stores the URL and in certain cases the 'Referer' URL within extended attributes xattrs of the file system - by default. This includes username + password and other credentials or private data if those have been used within the URLs. Anyone with read access to those files...

MGASA-2018-0244 Updated wget packages fix security vulnerabilities

Harry Sintonen discovered that wget does not properly handle '\r\n' from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replacing existing cookie values CVE-2018-0494. The...

MGASA-2017-0104 Updated wget packages fix security vulnerability

Wget up untill version 1.19.1 does not ensure control characters are not used in the hostname part of a url. This security update rejects control characters in host part of a url...

SUSE-SU-2017:0800-1 Security update for wget

This update for wget fixes the following issues: Security issue fixed: - CVE-2017-6508: urlparse: Reject control characters in host part of URL bsc1028301...

Moderate: Red Hat Security Advisory: wget security update

The wget packages shipped with Red Hat Linux Advanced Server 2.1 contain a security bug which, under certain circumstances, can cause local files to be written outside the download directory. Updated 09 Jan 2003 Added fixed packages for the Itanium IA64 architecture. Updated 06 Feb 2003 Added fix...