lynx-2.8.5-28.1.1.1AXS3

エラータID: AXSA:2008-523:02

リリース日: 
2008/12/08 Monday - 16:37
題名: 
lynx-2.8.5-28.1.1.1AXS3
影響のあるチャネル: 
Asianux Server 3 for ppc
Asianux Server 3 for ia64
Severity: 
High
Description: 

Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags. One advantage Lynx has over graphical browsers is speed; Lynx starts and exits quickly and swiftly displays webpages.
Fixed bugs:
CVE-2006-7234
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
CVE-2008-4690
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929.
NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.
CVE-2005-2929
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.

解決策: 

Update packages.

CVE: 
CVE-2005-2929
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
CVE-2008-4690
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.
CVE-2006-7234
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.




追加情報: 

From Asianux Server 3 SP1 updated packages.

ダウンロード: 

Asianux Server 3 for x86
  1. lynx-2.8.5-28.1.1.1AXS3.i386.rpm
    MD5: 5ae7b61cbb039c2b3544c537e43f3a55
    SHA-256: c8e591f5e97c559ee1a3766435f7bb55dce2d90d056dfcf1a3f3dcf5b0992003
    Size: 1.87 MB

Asianux Server 3 for x86_64
  1. lynx-2.8.5-28.1.1.1AXS3.x86_64.rpm
    MD5: 9d93b927538234183c08026b6eb2b0cc
    SHA-256: 552bf34bf9d885815256b605c5cfd020a1641e717d7d9a039296fa10b8dd6b40
    Size: 1.90 MB