ELSA-2008-0965

ELSA-2008-0965 - lynx security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2008-10-27

Description

[2.8.5-28.1.1]
- add patch for CVE-2008-4690 (rhbz#468184)
- prompt user before executing commands from the lynxcgi: handler,
even in the advanced user mode
- mark all lynxcgi: URIs as untrusted in the default lynx.cfg
- add patch to prevent lynx from opening configuration files in the
current working directory (CVE to be assigned) (rhbz#214205)

Related CVEs

CVE-2006-7234

CVE-2008-4690

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 3 (i386)	lynx-2.8.5-11.3.src.rpm	29fd96cab6d23c889dde3da0e426604c	-
	lynx-2.8.5-11.3.i386.rpm	1b820ad2dc456cee37f58399e74eb68d	-
Oracle Linux 3 (x86_64)	lynx-2.8.5-11.3.src.rpm	29fd96cab6d23c889dde3da0e426604c	-
	lynx-2.8.5-11.3.x86_64.rpm	4c78e6cfb2fee80ab254973ea59dde9b	-
Oracle Linux 4 (i386)	lynx-2.8.5-18.2.el4_7.1.src.rpm	b806ba7415e6b7ff583f44b566666b8d	-
	lynx-2.8.5-18.2.el4_7.1.i386.rpm	60e1372d07e6c2d1a47b87d7916e33c2	-
Oracle Linux 4 (ia64)	lynx-2.8.5-18.2.el4_7.1.src.rpm	b806ba7415e6b7ff583f44b566666b8d	-
	lynx-2.8.5-18.2.el4_7.1.ia64.rpm	9a79c7778b04c11a03cc65e998eb178f	-
Oracle Linux 4 (x86_64)	lynx-2.8.5-18.2.el4_7.1.src.rpm	b806ba7415e6b7ff583f44b566666b8d	-
	lynx-2.8.5-18.2.el4_7.1.x86_64.rpm	2eb63ca85a8779a479a31e62688e3624	-
Oracle Linux 5 (i386)	lynx-2.8.5-28.1.el5_2.1.src.rpm	844fb04ecff04a7486ba33c2f5434fce	-
	lynx-2.8.5-28.1.el5_2.1.i386.rpm	42260fb8608c787c1d51f4be3488b67c	-
Oracle Linux 5 (ia64)	lynx-2.8.5-28.1.el5_2.1.src.rpm	844fb04ecff04a7486ba33c2f5434fce	-
	lynx-2.8.5-28.1.el5_2.1.ia64.rpm	d8858c1eaeb10bcdf2cd0f2f8ec01e5c	-
Oracle Linux 5 (x86_64)	lynx-2.8.5-28.1.el5_2.1.src.rpm	844fb04ecff04a7486ba33c2f5434fce	-
	lynx-2.8.5-28.1.el5_2.1.x86_64.rpm	3d5f0e67602697567f80ec5a30f73202	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team