An absolute path traversal vulnerability could lead to arbitrary code execution.
Package | net-misc/wget on all architectures |
---|---|
Affected versions | < 1.16 |
Unaffected versions | >= 1.16 |
GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols.
An absolute path traversal vulnerability has been found in GNU Wget.
A remote FTP server is able to write to arbitrary files, and consequently execute arbitrary code.
There is no known workaround at this time.
All GNU Wget users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/wget-1.16"
Release date
November 16, 2014
Latest revision
November 16, 2014: 1
Severity
normal
Exploitable
remote
Bugzilla entries