Security update for wget
This update for wget fixes the following issues:
Security issues fixed:
- CVE-2016-7098: Fixed a potential race condition by creating files with .tmp ext
and making them accessible to the current user only. (bsc#995964)
Non security issues fixed:
- bsc#1005091: Don't call xfree() on string returned by usr_error()
- bsc#1012677: Add support for enforcing TLSv1.1 and TLSv1.2 (TLS 1.2 support was already present, but it was not enforcable).
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Josef Möllers (jmoellers)
Fixed bugs
bnc#995964
VUL-1: CVE-2016-7098: wget: files rejected by access list are kept on the disk for the duration of HTTP connection
bnc#1005091
*** glibc detected *** wget: free(): invalid pointer: 0x00007f2fb3b9c076 ***
bnc#1012677
wget does not allow tls 1.2 enforcement
