Security update for wget SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20097-1 Final 1 1 2025-02-03T09:14:10Z current 2025-02-03T09:14:10Z 2025-02-03T09:14:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wget This update for wget fixes the following issues: - CVE-2024-10524: Drop support for shorthand URLs (bsc#1233773). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-128 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520097-1/ Link for SUSE-SU-2025:20097-1 https://lists.suse.com/pipermail/sle-security-updates/2025-June/021220.html E-Mail link for SUSE-SU-2025:20097-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1233773 SUSE Bug 1233773 https://www.suse.com/security/cve/CVE-2024-10524/ SUSE CVE CVE-2024-10524 page SUSE Linux Micro 6.0 wget-1.24.5-2.1 wget-1.24.5-2.1 as a component of SUSE Linux Micro 6.0 Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. CVE-2024-10524 SUSE Linux Micro 6.0:wget-1.24.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520097-1/ https://www.suse.com/security/cve/CVE-2024-10524.html CVE-2024-10524 https://bugzilla.suse.com/1233256 SUSE Bug 1233256 https://bugzilla.suse.com/1233773 SUSE Bug 1233773