wget (SL7)

Synopsis: Moderate: wget security and bug fix update
Advisory ID: SLSA-2016:2587-2
Issue Date: 2016-11-03
CVE Numbers: CVE-2016-4971

Security Fix(es):

* It was found that wget used a file name provided by the server for the
downloaded file when following an HTTP redirect to a FTP server resource.
This could cause wget to create a file with a different name than
expected, possibly allowing the server to execute arbitrary code on the
client. (CVE-2016-4971)


– Scientific Linux Development Team