Joined: 12 May 2004
|Posted: Sun Nov 16, 2014 9:26 am Post subject: [ GLSA 201411-05 ] GNU Wget: Arbitrary code execution
|Gentoo Linux Security Advisory
Title: GNU Wget: Arbitrary code execution (GLSA 201411-05)
Date: November 16, 2014
An absolute path traversal vulnerability could lead to arbitrary
GNU Wget is a free software package for retrieving files using HTTP,
HTTPS and FTP, the most widely-used Internet protocols.
Vulnerable: < 1.16
Unaffected: >= 1.16
Architectures: All supported architectures
An absolute path traversal vulnerability has been found in GNU Wget.
A remote FTP server is able to write to arbitrary files, and
consequently execute arbitrary code.
There is no known workaround at this time.
All GNU Wget users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/wget-1.16"