
[USN-1642-1] Lynx vulnerabilities

Posted on 29 November 2012
Ubuntu Security

============================================================================
Ubuntu Security Notice USN-1642-1
November 29, 2012

lynx-cur vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS

Summary:

Two security issues were fixed in Lynx.

Software Description:
- lynx-cur: Text-mode WWW Browser with NLS support

Details:

Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user
were tricked into opening a specially crafted page, a remote attacker could
cause a denial of service via application crash, or possibly execute
arbitrary code as the user invoking the program. This issue only affected
Ubuntu 10.04 LTS. (CVE-2010-2810)

It was discovered that Lynx did not properly verify that an HTTPS
certificate was signed by a trusted certificate authority. This could allow
an attacker to perform a "man in the middle" (MITM) attack which would make
the user believe their connection is secure, but is actually being
monitored. This update changes the behavior of Lynx such that self-signed
certificates no longer validate. Users requiring the previous behavior can
use the 'FORCE_SSL_PROMPT' option in lynx.cfg. (CVE-2012-5821)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
lynx-cur 2.8.8dev.12-2ubuntu0.1

Ubuntu 12.04 LTS:
lynx-cur 2.8.8dev.9-2ubuntu0.12.04.1

Ubuntu 11.10:
lynx-cur 2.8.8dev.9-2ubuntu0.11.10.1

Ubuntu 10.04 LTS:
lynx-cur 2.8.8dev.2-1ubuntu0.1

In general, a standard system update will make all the necessary changes.


References:
http://www.ubuntu.com/usn/usn-1642-1
CVE-2010-2810, CVE-2012-5821

Package Information:
https://launchpad.net/ubuntu/+source/lynx-cur/2.8.8dev.12-2ubuntu0.1
https://launchpad.net/ubuntu/+source/lynx-cur/2.8.8dev.9-2ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/lynx-cur/2.8.8dev.9-2ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/lynx-cur/2.8.8dev.2-1ubuntu0.1