[PLDSA 20-1] New lynx packages fix CRLF injection
Krzysiek Taraszka
dzimi at pld.org.pl
Thu Jan 30 14:11:57 CET 2003
--------------------------------------------------------------------------
PLD Security Advisory PLDSA 20-1                    security at pld.org.pl
http://www.pld.org.pl/security/                          PLD Security Team
16 January 2003                         http://www.pld.org.pl/security/faq
--------------------------------------------------------------------------
Package : prior to lynx-2.8.5dev.3-5
Problem-Type : CRLF injection
PLD-specific : no
lynx (a text-only web browser) did not properly check for illegal
characters in all places, including processing of command line options,
which could be used to insert extra HTTP headers in a request.
The above problems have been fixed in version 2.8.5dev.12-1 for the
current stable distribution (ra).
We recommend that you upgrade your lynx packages.

    wget -c url
will fetch the file for you.

    rpm -Uhv file(s)*.rpm
will upgrade the referenced file.

If you are using the "poldek" package manager, use the lines given below
to upgrade the packages:

    poldek --update
will update the internal database.

    poldek --upgrade 'lynx*'
will install the corrected packages.

If you are using the "apt" package manager, use the lines given below
to upgrade the packages:

    apt-get update
will update the internal database.

    apt-get upgrade 'lynx*'
will install the corrected packages.

PLD Linux 1.0 alias ra
----------------------
Source archives:
ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/lynx-2.8.5dev.12-1.src.rpm
MD5 checksum: 09db660eaf33fdd7c4959901e75005a1
I386 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/lynx-2.8.5dev.12-1.i386.rpm
MD5 checksum: 6d6700814b5296d2f13e0722c9462445
I586 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/lynx-2.8.5dev.12-1.i586.rpm
MD5 checksum: 74a34fa86446321396e0409eb3e516a8
I686 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/lynx-2.8.5dev.12-1.i686.rpm
MD5 checksum: b1587e6a26b93a006f76e197ba9d0163
PowerPC Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/lynx-2.8.5dev.12-1.ppc.rpm
MD5 checksum: cbf46046ee31ae609b2319b4d3495d9b
--------------------------------------------------------------------------------
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.
For i386 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security
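
The CRLF injection described in this advisory arises when a value taken from a URL or command line option is copied into an HTTP request without rejecting control characters. The C program below is an added example, not lynx's code or its patch; the function names and the constructed sample input are assumptions made for illustration. It shows an unchecked request builder beside a checked one.

```c
#include <stdio.h>
#include <string.h>

/* Added example with hypothetical names; not taken from lynx. */
/* Returns 1 if s holds CR, LF, another control byte, space or DEL. */
static int has_illegal(const char *s)
{
    for (; *s; s++)
        if ((unsigned char)*s <= 0x20 || *s == 0x7f)
            return 1;
    return 0;
}

/* Count CRLF-terminated lines before the blank line ending the headers. */
static int header_lines(const char *req)
{
    int n = 0;
    const char *eol;
    while ((eol = strstr(req, "\r\n")) != NULL && eol != req) {
        n++;
        req = eol + 2;
    }
    return n;
}

/* Unchecked form: host and path are copied into the request verbatim. */
static int build_unchecked(char *out, size_t len, const char *host, const char *path)
{
    int n = snprintf(out, len, "GET %s HTTP/1.0\r\nHost: %s\r\n\r\n", path, host);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Checked form: refuse empty or illegal values before formatting. */
static int build_checked(char *out, size_t len, const char *host, const char *path)
{
    if (!*host || path[0] != '/' || has_illegal(host) || has_illegal(path))
        return -1;
    return build_unchecked(out, len, host, path);
}

int main(void)
{
    char req[256];
    /* Constructed input: a path value carrying an embedded CRLF. */
    const char *bad = "/\r\nX-Constructed: 1";
    build_unchecked(req, sizeof req, "www.example.org", bad);
    printf("unchecked: %d header lines (2 expected)\n", header_lines(req));
    printf("checked:   %d\n", build_checked(req, sizeof req, "www.example.org", bad));
    return 0;
}
```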