RHEL 7 : wget (RHSA-2017:3075)
High Nessus Plugin ID 104205
Synopsis: The remote Red Hat host is missing one or more security updates.
Description: An update for wget is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.
Security Fix(es):
* Stack-based and heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code. (CVE-2017-13089, CVE-2017-13090)
Red Hat would like to thank the GNU Wget project for reporting these issues.
Solution: Update the affected wget and/or wget-debuginfo packages.