ALAS-2014-442


Amazon Linux AMI Security Advisory: ALAS-2014-442
Advisory Release Date: 2014-11-05 14:40 Pacific
Severity: Medium
References: CVE-2014-4877 

Issue Overview:

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.


Affected Packages:

wget


Issue Correction:
Run yum update wget to update your system.

New Packages:
i686:
    wget-debuginfo-1.16-1.13.amzn1.i686
    wget-1.16-1.13.amzn1.i686

src:
    wget-1.16-1.13.amzn1.src

x86_64:
    wget-debuginfo-1.16-1.13.amzn1.x86_64
    wget-1.16-1.13.amzn1.x86_64