LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:          Moderate: wget security and bug fix update
Advisory ID:       SLSA-2016:2587-2
Issue Date:        2016-11-03
CVE Numbers:       CVE-2016-4971
--

Security Fix(es):

* It was found that wget used a file name provided by the server for the
downloaded file when following an HTTP redirect to a FTP server resource.
This could cause wget to create a file with a different name than
expected, possibly allowing the server to execute arbitrary code on the
client. (CVE-2016-4971)
--

SL7
  x86_64
    wget-1.14-13.el7.x86_64.rpm
    wget-debuginfo-1.14-13.el7.x86_64.rpm

- Scientific Linux Development Team