Security
Security
A vulnerability in GNU Wget which could allow an attacker to obtain sensitive information.
| Package | net-misc/wget on all architectures |
|---|---|
| Affected versions | < 1.20.1 |
| Unaffected versions | >= 1.20.1 |
GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols.
A vulnerability was discovered in GNU Wget’s file_metadata in xattr.c.
A local attacker could obtain sensitive information to include credentials.
There is no known workaround at this time.
All GNU Wget users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/wget-1.20.1"
Release date
March 10, 2019
Latest revision
March 10, 2019: 1
Severity
normal
Exploitable
local
Bugzilla entries