Support / Security / Advisories / Corporate Server 2.1 / MDKSA-2005:211

Package name: lynx
Date: 2005-11-12
Advisory ID: MDKSA-2005:211
Affected versions: MNF2.0 i586 , 2006.0 i586 , CS2.1 i586 , 10.2 i586 , 10.1 i586 , CS2.1 x86_64 , CS3.0 x86_64 , CS3.0 i586 , 10.2 x86_64 , 2006.0 x86_64 , 10.1 x86_64

Problem description

An arbitrary command execution vulnerability was discovered in the
lynx "lynxcgi:" URI handler. An attacker could create a web page that
redirects to a malicious URL which could then execute arbitrary code
as the user running lynx.

The updated packages have been patched to address this issue.

Updated packages

MNF2.0 i586

 2b08be7e48f71825de929c00cf7eedc4  mnf/2.0/RPMS/lynx-2.8.5-1.3.M20mdk.i586.rpm
 033fa133cbe350604917b941b9ae9716  mnf/2.0/SRPMS/lynx-2.8.5-1.3.M20mdk.src.rpm

2006.0 i586

 360fdf310e0d9263d3d60b4d9e4190fa  2006.0/RPMS/lynx-2.8.5-4.3.20060mdk.i586.rpm
 909b67078592125b37a070d0895fb9ac  2006.0/SRPMS/lynx-2.8.5-4.3.20060mdk.src.rpm

CS2.1 i586

 5722c024a1d5642cbfd93e91a5a11e81  corporate/2.1/RPMS/lynx-2.8.5-0.10.4.C21mdk.dev.8.i586.rpm
 7794c13cd786fd5bea163b3128d41253  corporate/2.1/SRPMS/lynx-2.8.5-0.10.4.C21mdk.dev.8.src.rpm

10.2 i586

 e4776978467d47534e400d3a26b674d6  10.2/RPMS/lynx-2.8.5-1.3.102mdk.i586.rpm
 e45d2ae283fa9646076a9d5d9f80938e  10.2/SRPMS/lynx-2.8.5-1.3.102mdk.src.rpm

10.1 i586

 d159808dc386722d03f80c9e92ec3892  10.1/RPMS/lynx-2.8.5-1.3.101mdk.i586.rpm
 8a2235e8844d26d93d68fe8450c173d0  10.1/SRPMS/lynx-2.8.5-1.3.101mdk.src.rpm

CS2.1 x86_64

 df29c26d3532351e2ba0e23785f6bcd5  x86_64/corporate/2.1/RPMS/lynx-2.8.5-0.10.4.C21mdk.dev.8.x86_64.rpm
 7794c13cd786fd5bea163b3128d41253  x86_64/corporate/2.1/SRPMS/lynx-2.8.5-0.10.4.C21mdk.dev.8.src.rpm

CS3.0 x86_64

 cb70e5d88517bf59cc46ee47de6a6a7e  x86_64/corporate/3.0/RPMS/lynx-2.8.5-1.3.C30mdk.x86_64.rpm
 10408828ef7ed0efc5fe17e641c14556  x86_64/corporate/3.0/SRPMS/lynx-2.8.5-1.3.C30mdk.src.rpm

CS3.0 i586

 fcc6ced2d05c127980f5c47ed8b68230  corporate/3.0/RPMS/lynx-2.8.5-1.3.C30mdk.i586.rpm
 10408828ef7ed0efc5fe17e641c14556  corporate/3.0/SRPMS/lynx-2.8.5-1.3.C30mdk.src.rpm

10.2 x86_64

 6ac64a06ce7637ea87040a0631e64ad0  x86_64/10.2/RPMS/lynx-2.8.5-1.3.102mdk.x86_64.rpm
 e45d2ae283fa9646076a9d5d9f80938e  x86_64/10.2/SRPMS/lynx-2.8.5-1.3.102mdk.src.rpm

2006.0 x86_64

 5148d3c09eb8b23f4e4c0f7856f4c141  x86_64/2006.0/RPMS/lynx-2.8.5-4.3.20060mdk.x86_64.rpm
 909b67078592125b37a070d0895fb9ac  x86_64/2006.0/SRPMS/lynx-2.8.5-4.3.20060mdk.src.rpm

10.1 x86_64

 0ffac10c91727b3c3a9b7988ad254b0c  x86_64/10.1/RPMS/lynx-2.8.5-1.3.101mdk.x86_64.rpm
 8a2235e8844d26d93d68fe8450c173d0  x86_64/10.1/SRPMS/lynx-2.8.5-1.3.101mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2929