GLSA-201806-01 : GNU Wget: Cookie injection
Medium Nessus Plugin ID 110522
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201806-01 (GNU Wget: Cookie injection)
A vulnerability was discovered in GNU Wget’s resp_new function which does not validate \\r\\n sequences in continuation lines.
A remote attacker could inject arbitrary cookie entry requests.
There is no known workaround at this time.
SolutionAll GNU Wget users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/wget-1.19.5'