{"id":"MGASA-2018-0244","summary":"Updated wget packages fix security vulnerabilities","details":"Harry Sintonen discovered that wget does not properly handle '\\r\\n' from\ncontinuation lines while parsing the Set-Cookie HTTP header. A malicious\nweb server could use this flaw to inject arbitrary cookies to the cookie\njar file, adding new or replacing existing cookie values (CVE-2018-0494).\n\nThe Mageia 6 package has been updated to version 1.19.5, which fixes this\nissue as well as other possible security issues found by fuzzing.  The\nMageia 5 package has been patched to fix CVE-2018-0494.\n","modified":"2026-01-30T19:20:50.637886Z","published":"2018-05-16T08:24:56Z","related":["CVE-2018-0494"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0244.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23002"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2018/05/06/1"},{"type":"REPORT","url":"https://www.debian.org/security/2018/dsa-4195"}],"affected":[{"package":{"name":"wget","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/wget?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.15-5.4.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0244.json"}},{"package":{"name":"wget","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/wget?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.19.5-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0244.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}