wget security update

CentOS Errata and Security Advisory CESA-2016:2587

The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.

Security Fix(es):

• It was found that wget used a file name provided by the server for the downloaded file when following an HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. (CVE-2016-4971)

Red Hat would like to thank GNU wget project for reporting this issue. Upstream acknowledges Dawid Golunski as the original reporter.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2016-November/029827.html

Affected packages:
wget

Upstream details at:
https://access.redhat.com/errata/RHSA-2016:2587