--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-152832 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152832 2005-11-14 --------------------------------------------------------------------- Name : lynx Versions : rh73: lynx-2.8.4-18.3.legacy Versions : rh9: lynx-2.8.5-11.2.legacy Versions : fc1: lynx-2.8.5-13.2.legacy Versions : fc2: lynx-2.8.5-15.2.legacy Summary : A text-based Web browser. Description : Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags. One advantage Lynx has over graphical browsers is speed; Lynx starts and exits quickly and swiftly displays webpages. --------------------------------------------------------------------- Update Information: An updated lynx package that corrects security issues is now available. Lynx is a text-based Web browser. An arbitrary command execute bug was found in the lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL which could execute arbitrary code as the user running lynx. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2929 to this issue. Ulf Harnhammar discovered a stack overflow bug in Lynx when handling connections to NNTP (news) servers. An attacker could create a web page redirecting to a malicious news server which could execute arbitrary code as the user running lynx. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3120 to this issue. Users should update to this erratum package, which contains backported patches to correct these issues. --------------------------------------------------------------------- Changelogs rh73: * Mon Nov 14 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.8.4-18.3.legacy - Added missing gettext to BuildRequires * Sat Nov 12 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 2.8.4-18.2 - Patches for CVE-2005-3120 and CVE-2005-2929 (#152832) rh9: * Mon Nov 14 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.8.5-11.2.legacy - Added missing gettext to BuildRequires * Sat Nov 12 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 2.8.5-11.1.legacy - Patches for CVE-2005-3120 and CVE-2005-2929 (#152832) fc1: * Mon Nov 14 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.8.5-13.2.legacy - Added missing gettext to BuildRequires * Sat Nov 12 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 2.8.5-13.1.legacy - Patches for CVE-2005-3120 and CVE-2005-2929 (#152832) fc2: * Mon Nov 14 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.8.5-15.2.legacy - Added missing gettext to BuildRequires * Sat Nov 12 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 2.8.5-15.1.legacy - Patches for CVE-2005-3120 and CVE-2005-2929 (#152832) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh73: f90ed394ffb119c628f30cbe24af00980e21ddec redhat/7.3/updates-testing/i386/lynx-2.8.4-18.3.legacy.i386.rpm ae6eccd737ca25bd411bffb3db5a4ae46b512a0f redhat/7.3/updates-testing/SRPMS/lynx-2.8.4-18.3.legacy.src.rpm rh9: e3f8bdd24f77bd9122afe9550b1711ec39580c30 redhat/9/updates-testing/i386/lynx-2.8.5-11.2.legacy.i386.rpm e6f6f18d22595b977964b03e4f820ef4c259faf4 redhat/9/updates-testing/SRPMS/lynx-2.8.5-11.2.legacy.src.rpm fc1: f9a79fc5425d1d853614c53c1ab158c9328c3078 fedora/1/updates-testing/i386/lynx-2.8.5-13.2.legacy.i386.rpm 6711308acdcff88c914cda153f0862253efa0b67 fedora/1/updates-testing/SRPMS/lynx-2.8.5-13.2.legacy.src.rpm fc2: ff7d68c03bbe5cbeac076e5153dc964b8900a8d5 fedora/2/updates-testing/i386/lynx-2.8.5-15.2.legacy.i386.rpm e46bb7466177677c5a6032fcef7a71bc55145984 fedora/2/updates-testing/SRPMS/lynx-2.8.5-15.2.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
