Paketname
lynx
Datum
2008-10-28
Advisory ID
MDVSA-2008:218
Betroffene Versionen
2009.0 x86_64 , 2008.0 i586 , 2009.0 i586 , 2008.0 x86_64 , 2008.1 x86_64 , 2008.1 i586

Problembeschreibung

A vulnerability was found in the Lynxcgi: URI handler that could allow
an attacker to create a web page redirecting to a malicious URL that
would execute arbitrary code as the user running Lynx, if they were
using the non-default Advanced user mode (CVE-2008-4690).

This update corrects these issues and, in addition, makes Lynx always
prompt the user before loading a lynxcgi: URI. As well, the default
lynx.cfg configuration file marks all lynxcgi: URIs as untrusted.

Aktualisierte Pakete

2009.0 x86_64

 0ad22b9ff40e6c7b8fc8ce25c4ef51cc  2009.0/x86_64/lynx-2.8.6-2.1mdv2009.0.x86_64.rpm 
 0026bfc6799a2242afd794932ce0b5a8  2009.0/SRPMS/lynx-2.8.6-2.1mdv2009.0.src.rpm

2008.0 i586

 2a6a4130c12d3d45d926b49713420272  2008.0/i586/lynx-2.8.6-2.1mdv2008.0.i586.rpm 
 aa0ff44a80fa5b485b54f52d12b485f2  2008.0/SRPMS/lynx-2.8.6-2.1mdv2008.0.src.rpm

2009.0 i586

 65c1c0a4cf6a8758bc8506b9a7b1d3c4  2009.0/i586/lynx-2.8.6-2.1mdv2009.0.i586.rpm 
 0026bfc6799a2242afd794932ce0b5a8  2009.0/SRPMS/lynx-2.8.6-2.1mdv2009.0.src.rpm

2008.0 x86_64

 dcabb93ba8e48a0a96a632d2c8b11cb4  2008.0/x86_64/lynx-2.8.6-2.1mdv2008.0.x86_64.rpm 
 aa0ff44a80fa5b485b54f52d12b485f2  2008.0/SRPMS/lynx-2.8.6-2.1mdv2008.0.src.rpm

2008.1 x86_64

 3ae02ae07a01e65aa16e3317e2d7afb0  2008.1/x86_64/lynx-2.8.6-2.1mdv2008.1.x86_64.rpm 
 68ddd2a1b9f991c11793a51dfbe9d9cb  2008.1/SRPMS/lynx-2.8.6-2.1mdv2008.1.src.rpm

2008.1 i586

 1e04683750a061eecbe58c1b4fe7b173  2008.1/i586/lynx-2.8.6-2.1mdv2008.1.i586.rpm 
 68ddd2a1b9f991c11793a51dfbe9d9cb  2008.1/SRPMS/lynx-2.8.6-2.1mdv2008.1.src.rpm

Referenzen