An update for wget is now available for openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-2497 Final 1.0 1.0 2024-12-06 Initial 2024-12-06 2024-12-06 openEuler SA Tool V1.0 2024-12-06 wget security update An update for wget is now available for openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4 GNU Wget is a free software package for retrieving files using HTTP, HTTPS, FTP and FTPS the most widely-used Internet protocols. It is a non-interactive commandline tool, so it may easily be called from scripts, cron jobs, terminals without X-Windows support, etc. Security Fix(es): Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.(CVE-2024-10524) An update for wget is now available for openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium wget https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2497 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-10524 https://nvd.nist.gov/vuln/detail/CVE-2024-10524 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 wget-1.21.2-6.oe2203sp3.aarch64.rpm wget-debuginfo-1.21.2-6.oe2203sp3.aarch64.rpm wget-debugsource-1.21.2-6.oe2203sp3.aarch64.rpm wget-help-1.21.2-6.oe2203sp3.aarch64.rpm wget-1.20.3-6.oe2003sp4.aarch64.rpm wget-debuginfo-1.20.3-6.oe2003sp4.aarch64.rpm wget-debugsource-1.20.3-6.oe2003sp4.aarch64.rpm wget-help-1.20.3-6.oe2003sp4.aarch64.rpm wget-1.21.2-6.oe2203sp1.aarch64.rpm wget-debuginfo-1.21.2-6.oe2203sp1.aarch64.rpm wget-debugsource-1.21.2-6.oe2203sp1.aarch64.rpm wget-help-1.21.2-6.oe2203sp1.aarch64.rpm wget-1.21.4-3.oe2403.aarch64.rpm wget-debuginfo-1.21.4-3.oe2403.aarch64.rpm wget-debugsource-1.21.4-3.oe2403.aarch64.rpm wget-help-1.21.4-3.oe2403.aarch64.rpm wget-1.21.2-6.oe2203sp4.aarch64.rpm wget-debuginfo-1.21.2-6.oe2203sp4.aarch64.rpm wget-debugsource-1.21.2-6.oe2203sp4.aarch64.rpm wget-help-1.21.2-6.oe2203sp4.aarch64.rpm wget-1.21.2-6.oe2203sp3.src.rpm wget-1.20.3-6.oe2003sp4.src.rpm wget-1.21.2-6.oe2203sp1.src.rpm wget-1.21.4-3.oe2403.src.rpm wget-1.21.2-6.oe2203sp4.src.rpm wget-1.21.2-6.oe2203sp3.x86_64.rpm wget-debuginfo-1.21.2-6.oe2203sp3.x86_64.rpm wget-debugsource-1.21.2-6.oe2203sp3.x86_64.rpm wget-help-1.21.2-6.oe2203sp3.x86_64.rpm wget-1.20.3-6.oe2003sp4.x86_64.rpm wget-debuginfo-1.20.3-6.oe2003sp4.x86_64.rpm wget-debugsource-1.20.3-6.oe2003sp4.x86_64.rpm wget-help-1.20.3-6.oe2003sp4.x86_64.rpm wget-1.21.2-6.oe2203sp1.x86_64.rpm wget-debuginfo-1.21.2-6.oe2203sp1.x86_64.rpm wget-debugsource-1.21.2-6.oe2203sp1.x86_64.rpm wget-help-1.21.2-6.oe2203sp1.x86_64.rpm wget-1.21.4-3.oe2403.x86_64.rpm wget-debuginfo-1.21.4-3.oe2403.x86_64.rpm wget-debugsource-1.21.4-3.oe2403.x86_64.rpm wget-help-1.21.4-3.oe2403.x86_64.rpm wget-1.21.2-6.oe2203sp4.x86_64.rpm wget-debuginfo-1.21.2-6.oe2203sp4.x86_64.rpm wget-debugsource-1.21.2-6.oe2203sp4.x86_64.rpm wget-help-1.21.2-6.oe2203sp4.x86_64.rpm Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. 2024-12-06 CVE-2024-10524 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 Medium 6.5 AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L wget security update 2024-12-06 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2497