| Errata ID | 451 |
|---|---|
| Date | 2017-08-16 |
| Source package | wget |
| Fixed in version | 1.13.4-3.32.201708101455 |
| Description | This update addresses the following issues: * Lack of filename checking allows arbitrary file upload via FTP redirect (CVE-2016-4971) * Injection of arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL due to vulnerability in the url_parse function (CVE-2017-6508) |
| Additional notes | |
| CVE ID | CVE-2016-4971 CVE-2017-6508 |
| UCS Bug number | #41662 |
