Univention Bugzilla – Bug 36368
wget: Symlink attack (3.2)
Last modified: 2015-08-21 13:14:34 CEST
If wget is used to recursively download a directory over FTP, a symlink attack can create arbitrary file or overwrite existing ones (CVE-2014-4877).
Advisory: 2015-08-18-wget.yaml
YAML: OK Build log / Patches: OK # zgrep CVE-2014-4877 /usr/share/doc/wget/changelog.Debian.gz setting of wget. Fixes security bug CVE-2014-4877 Inst / Update i386: OK Inst / Update amd64: OK
<http://errata.univention.de/ucs/3.2/362.html>