wget-1.25.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14492-1 Final 1 1 2024-11-13T00:00:00Z current 2024-11-13T00:00:00Z 2024-11-13T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z wget-1.25.0-1.1 on GA media These are all security issues fixed in the wget-1.25.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14492 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EBDIZKQRGYQMJYWWQYJZJ4APTZPL6S4K/ E-Mail link for openSUSE-SU-2024:14492-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-10524/ SUSE CVE CVE-2024-10524 page openSUSE Tumbleweed wget-1.25.0-1.1 wget-lang-1.25.0-1.1 wget-1.25.0-1.1 as a component of openSUSE Tumbleweed wget-lang-1.25.0-1.1 as a component of openSUSE Tumbleweed Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. CVE-2024-10524 openSUSE Tumbleweed:wget-1.25.0-1.1 openSUSE Tumbleweed:wget-lang-1.25.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EBDIZKQRGYQMJYWWQYJZJ4APTZPL6S4K/ https://www.suse.com/security/cve/CVE-2024-10524.html CVE-2024-10524 https://bugzilla.suse.com/1233256 SUSE Bug 1233256 https://bugzilla.suse.com/1233773 SUSE Bug 1233773