MGASA-2019-0015

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0015.html

Import Source

https://advisories.mageia.org/MGASA-2019-0015.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2019-0015

Related

CVE-2018-20483

Published

2019-01-05T21:49:27Z

Modified

2019-01-05T21:23:44Z

Summary

Updated wget packages fix security vulnerability

Details

Since version 1.19 Wget stores the URL and in certain cases the 'Referer' URL within extended attributes (xattrs) of the file system - by default. This includes username + password and other credentials or private data if those have been used within the URLs. Anyone with read access to those files might also read the xattrs and might use the data. Wget 1.20.1 or higher will not use xattrs by default any more. To enable it again you have to use the --xattr option or xattr command for .wgetrc files. (CVE-2018-20483)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / wget

Package

Name: wget
Purl: pkg:rpm/mageia/wget?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.20.1-1.mga6

Ecosystem specific

{
    "section": "core"
}