Security update for wget SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:01921-1 Final 1 1 2025-06-12T06:29:35Z current 2025-06-12T06:29:35Z 2025-06-12T06:29:35Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wget This update for wget fixes the following issues: - CVE-2024-10524: Dropped support for shorthand URLs that enabled SSRF attacks (bsc#1233773). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1921,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1921 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202501921-1/ Link for SUSE-SU-2025:01921-1 https://lists.suse.com/pipermail/sle-updates/2025-June/040246.html E-Mail link for SUSE-SU-2025:01921-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1233773 SUSE Bug 1233773 https://www.suse.com/security/cve/CVE-2024-10524/ SUSE CVE CVE-2024-10524 page SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 wget-1.14-21.25.1 wget-1.14-21.25.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. CVE-2024-10524 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:wget-1.14-21.25.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501921-1/ https://www.suse.com/security/cve/CVE-2024-10524.html CVE-2024-10524 https://bugzilla.suse.com/1233256 SUSE Bug 1233256 https://bugzilla.suse.com/1233773 SUSE Bug 1233773