lynx-2.8.9-4.el8.ML.2
エラータID: AXSA:2022-3339:02
Release date:
Friday, July 1, 2022 - 10:37
Subject:
lynx-2.8.9-4.el8.ML.2
Affected Channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
Lynx is a text-based Web browser. Lynx does not display any images,
but it does support frames, tables, and most other HTML tags. One
advantage Lynx has over graphical browsers is speed; Lynx starts and
exits quickly and swiftly displays web pages.
Security Fix(es):
lynx: Disclosure of HTTP authentication credentials via SNI data
(CVE-2021-38165)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Additional Changes:
Update the version to 2.8.9-4.el8.ML.2.
CVE(s):
CVE-2021-38165
Solution:
Update packages.
CVEs:
CVE-2021-38165
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
Additional Info:
N/A
Download:
SRPMS
- lynx-2.8.9-4.el8.ML.2.src.rpm
MD5: 7d2eee174682bebc81f2ecc017aa5a0f
SHA-256: 434c74dc370de108330f54853e32f1fae284f4fef77631776769efae905949da
Size: 2.60 MB
Asianux Server 8 for x86_64
- lynx-2.8.9-4.el8.ML.2.x86_64.rpm
MD5: 7bada943fd9b59fc8ee7931fcda1f952
SHA-256: b82ae369a3e958e355b18f2d2c3959df49612708ad664acf6f128c040f39a273
Size: 1.57 MB
日本語