SUSE-SU-2025:01921-1

Опубликовано: 12 июн. 2025

Источник: suse-cvrf

Описание

Security update for wget

This update for wget fixes the following issues:

CVE-2024-10524: Dropped support for shorthand URLs that enabled SSRF attacks (bsc#1233773).

Список пакетов

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

wget-1.14-21.25.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-202501921-1/
Link for SUSE-SU-2025:01921-1
https://lists.suse.com/pipermail/sle-updates/2025-June/040246.html
E-Mail link for SUSE-SU-2025:01921-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1233773
SUSE Bug 1233773
https://www.suse.com/security/cve/CVE-2024-10524/
SUSE CVE CVE-2024-10524 page

Описание

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.

Затронутые продукты

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:wget-1.14-21.25.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-10524.html
CVE-2024-10524
https://bugzilla.suse.com/1233256
SUSE Bug 1233256
https://bugzilla.suse.com/1233773
SUSE Bug 1233773

SUSE-SU-2025:01921-1

Описание

Список пакетов

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

Ссылки

Уязвимость: CVE-2024-10524

Описание

Затронутые продукты

Ссылки