Lucene search
RedHatRHSA-2016:2587HistoryNov 03, 2016 - 6:07 a.m.
(RHSA-2016:2587) Moderate: wget security and bug fix update
2016-11-0306:07:15
access.redhat.com
33
EPSS
0.955
Percentile
99.4%
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.
Security Fix(es):
- It was found that wget used a file name provided by the server for the downloaded file when following an HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. (CVE-2016-4971)
Red Hat would like to thank GNU wget project for reporting this issue. Upstream acknowledges Dawid Golunski as the original reporter.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | aarch64 | wget | < 1.14-13.el7 | wget-1.14-13.el7.aarch64.rpm |
| RedHat | 7 | ppc64 | wget | < 1.14-13.el7 | wget-1.14-13.el7.ppc64.rpm |
| RedHat | 7 | ppc64le | wget-debuginfo | < 1.14-13.el7 | wget-debuginfo-1.14-13.el7.ppc64le.rpm |
| RedHat | 7 | ppc64 | wget-debuginfo | < 1.14-13.el7 | wget-debuginfo-1.14-13.el7.ppc64.rpm |
| RedHat | 7 | x86_64 | wget | < 1.14-13.el7 | wget-1.14-13.el7.x86_64.rpm |
| RedHat | 7 | aarch64 | wget-debuginfo | < 1.14-13.el7 | wget-debuginfo-1.14-13.el7.aarch64.rpm |
| RedHat | 7 | x86_64 | wget-debuginfo | < 1.14-13.el7 | wget-debuginfo-1.14-13.el7.x86_64.rpm |
| RedHat | 7 | s390x | wget | < 1.14-13.el7 | wget-1.14-13.el7.s390x.rpm |
| RedHat | 7 | ppc64le | wget | < 1.14-13.el7 | wget-1.14-13.el7.ppc64le.rpm |
| RedHat | 7 | s390x | wget-debuginfo | < 1.14-13.el7 | wget-debuginfo-1.14-13.el7.s390x.rpm |
Related
openvas
openvas
Fedora Update for wget FEDORA-2016-2db8cbc2fd
2016-06-18 00:00:00
Fedora Update for wget FEDORA-2016-e14374472f
2016-06-19 00:00:00
Amazon Linux: Security Advisory (ALAS-2016-720)
2016-10-26 00:00:00
alpinelinux
alpinelinux
CVE-2016-4971
2016-06-30 17:59:07
osv
osv
wget - security update
2016-06-30 00:00:00
CVE-2016-4971
2016-06-30 17:59:00
wget-1.18-2.3 on GA media
2024-06-15 00:00:00
cvelist
cvelist
CVE-2016-4971
2016-06-30 17:00:00
slackware
slackware
[slackware-security] wget
2016-06-13 07:12:06
ibm
ibm
exploitdb
exploitdb
GNU Wget < 1.18 - Arbitrary File Upload (2)
2021-04-30 00:00:00
GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution
2016-07-06 00:00:00
nessus
nessus
RHEL 7 : wget (RHSA-2016:2587)
2016-11-04 00:00:00
Oracle Linux 7 : wget (ELSA-2016-2587)
2016-11-11 00:00:00
Fedora 23 : wget (2016-2db8cbc2fd)
2016-07-14 00:00:00
gentoo
gentoo
GNU Wget: Multiple vulnerabilities
2016-10-29 00:00:00
exploitpack
exploitpack
GNU Wget 1.18 - Arbitrary File Upload Remote Code Execution
2016-07-06 00:00:00
cve
cve
CVE-2016-4971
2016-06-30 17:59:07
redhatcve
redhatcve
CVE-2016-4971
2016-06-14 08:18:41
amazon
amazon
Medium: wget
2016-07-14 16:30:00
zdt
zdt
GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution
2016-07-06 00:00:00
GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution Exploit (2)
2021-04-30 00:00:00
checkpoint_advisories
checkpoint_advisories
GNU wget HTTP Redirect Arbitrary File Overwrite (CVE-2016-4971)
2016-07-06 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: wget-1.18-1.fc22
2016-06-18 04:19:51
[SECURITY] Fedora 23 Update: wget-1.18-1.fc23
2016-06-17 16:02:22
[SECURITY] Fedora 24 Update: wget-1.18-1.fc24
2016-06-18 19:04:34
prion
prion
Cross site request forgery (csrf)
2016-06-30 17:59:00
centos
centos
wget security update
2016-11-25 15:51:17
f5
f5
K55181425 : Wget vulnerability CVE-2016-4971
2016-07-13 00:00:00
SOL55181425 - Wget vulnerability CVE-2016-4971
2016-07-13 00:00:00
debian
debian
[SECURITY] [DLA 536-1] wget security update
2016-06-30 20:12:28
nvd
nvd
CVE-2016-4971
2016-06-30 17:59:07
packetstorm
packetstorm
GNU wget Arbitrary File Upload / Code Execution
2021-04-30 00:00:00
GNU Wget Arbitrary File Upload / Potential Remote Code Execution
2016-07-06 00:00:00
paloalto
paloalto
WGET Vulnerability
2017-05-23 03:00:03
freebsd
freebsd
wget -- HTTP to FTP redirection file name confusion vulnerability
2016-06-09 00:00:00
archlinux
archlinux
wget: arbitrary file overwrite
2016-06-20 00:00:00
ubuntucve
ubuntucve
CVE-2016-4971
2016-06-10 00:00:00
cloudfoundry
cloudfoundry
USN-3012-1 Wget vulnerability | Cloud Foundry
2016-07-13 00:00:00
debiancve
debiancve
CVE-2016-4971
2016-06-30 17:59:07
ubuntu
ubuntu
Wget vulnerability
2016-06-20 00:00:00
mageia
mageia
Updated wget packages fix security vulnerability
2016-09-28 08:59:24
oraclelinux
oraclelinux
wget security and bug fix update
2016-11-09 00:00:00