SynopsisThe remote Debian host is missing a security-related update.
DescriptionAntti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen discovered two buffer overflows in the HTTP protocol handler of the Wget download tool, which could result in the execution of arbitrary code when connecting to a malicious HTTP server.
SolutionUpgrade the wget packages.
For the oldstable distribution (jessie), these problems have been fixed in version 1.16-1+deb8u4.
For the stable distribution (stretch), these problems have been fixed in version 1.18-5+deb9u1.