Scientific Linux Security Update : wget on SL6.x, SL7.x i386/x86_64
High Nessus Plugin ID 78854
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in mirror mode (using the '-m' command line option) to write an arbitrary file to a location writable by the user running Wget, possibly leading to code execution.
Note: This update changes the default value of the --retr-symlinks option. Symbolic links to files are now traversed by default, and the pointed-to files are retrieved, rather than a symbolic link being created locally.
Solution
Update the affected wget and / or wget-debuginfo packages.
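A post-update audit for hosts that run Wget in mirror mode, added here as an example and not part of the advisory or of Wget: it lists symbolic links under a mirror directory that resolve outside it, and checks whether a wgetrc file turns the new --retr-symlinks default back off. The function names are hypothetical, `readlink -f` from GNU coreutils is assumed, and the `retr_symlinks` wgetrc command with its boolean values is taken from the Wget manual rather than from this page.

```shell
#!/bin/sh
# Added example (not from the advisory): audit helpers for wget mirror hosts.

# escaping_symlinks DIR
# Prints "LINK -> TARGET" for each symlink under DIR whose target resolves
# outside DIR or cannot be resolved. Returns 0 if none, 1 if any, 2 on bad DIR.
# Assumption: file names do not contain newlines.
escaping_symlinks() {
    root=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    # find -type l does not follow links, so the walk itself stays inside DIR.
    out=$(find "$root" -type l | while IFS= read -r link; do
        target=$(readlink -f -- "$link" 2>/dev/null) || target=""
        case "$target" in
            "$root"|"$root"/*) ;;                      # stays inside the mirror
            "") printf '%s -> (unresolvable)\n' "$link" ;;
            *)  printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# wgetrc_disables_retr_symlinks FILE
# Returns 0 if the last retr_symlinks setting in FILE is off/no/0, which would
# restore the old behaviour of creating symlinks locally.
# Assumption: wgetrc command names ignore case, underscores and dashes.
wgetrc_disables_retr_symlinks() {
    tr -d ' \t_-' < "$1" | tr '[:upper:]' '[:lower:]' |
        grep -E '^retrsymlinks=' | tail -n 1 |
        grep -Eq '=(off|no|0)$'
}

# Run as a script with a mirror directory (and optionally a wgetrc path).
if [ "${1:-}" ] && [ -d "$1" ]; then
    escaping_symlinks "$1" || echo "review the links listed above" >&2
    rc=${2:-$HOME/.wgetrc}
    if [ -f "$rc" ] && wgetrc_disables_retr_symlinks "$rc"; then
        echo "$rc sets retr_symlinks off" >&2
    fi
fi
```
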