Oval Definition:oval:com.redhat.rhsa:def:20162587
Revision Date:2016-11-03Version:637
Title:RHSA-2016:2587: wget security and bug fix update (Moderate)
Description:The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.

Security Fix(es):

  • It was found that wget used a file name provided by the server for the downloaded file when following an HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. (CVE-2016-4971)

    Red Hat would like to thank GNU wget project for reporting this issue. Upstream acknowledges Dawid Golunski as the original reporter.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2016-4971
    RHSA-2016:2587
    RHSA-2016:2587-01
    RHSA-2016:2587-02
    RHSA-2016:2587-02
    Platform(s):Red Hat Enterprise Linux 7
    Red Hat Enterprise Linux 7 (please do not use for >= RHEL-7.5)
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND wget is earlier than 0:1.14-13.el7
  • AND wget is signed with Red Hat redhatrelease2 key
    • Definition Synopsis
  • wget is earlier than 0:1.14-13.el7
  • AND wget is signed with Red Hat redhatrelease2 key
  • AND Package Information
  • Red Hat Enterprise Linux 7 Client is installed
  • OR Red Hat Enterprise Linux 7 Server is installed
  • OR Red Hat Enterprise Linux 7 Workstation is installed
  • OR Red Hat Enterprise Linux 7 ComputeNode is installed
    • BACK