rpms/lynx/F-8 lynx-CVE-2008-4690.patch, NONE, 1.1 lynx.spec, 1.48, 1.49
Jiří Moskovčák
jmoskovc at fedoraproject.org
Mon Nov 10 12:15:14 UTC 2008
Author: jmoskovc
Update of /cvs/extras/rpms/lynx/F-8
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10286
Modified Files:
lynx.spec
Added Files:
lynx-CVE-2008-4690.patch
Log Message:
Fixed CVE-2008-4690 lynx: remote arbitrary command execution via a crafted lynxcgi: URL
lynx-CVE-2008-4690.patch:
--- NEW FILE lynx-CVE-2008-4690.patch ---
--- lynx2-8-6/CHANGES.old 2008-11-06 15:29:26.000000000 +0100
+++ lynx2-8-6/CHANGES 2008-11-06 15:32:44.000000000 +0100
@@ -1,5 +1,11 @@
Changes since Lynx 2.8 release
===============================================================================
+2008-10-26
+* modify patch for CVE-2005-2929 to prompt user before executing command via
+ a lynxcgi link even in advanced mode, as the actual URL may not be shown but
+ hidden behind an HTTP redirect
+* set TRUSTED_LYNXCGI:none in lynx.cfg to disable all lynxcgi URLs by default
+ [CVE-2008-4690]
2007-05-09 (2.8.6rel.5 fix from 2.8.7dev.5)
* correct loop-limit in print_crawl_to_fd(), which broke
--- lynx2-8-6/src/LYCgi.c.old 2008-11-06 15:29:58.000000000 +0100
+++ lynx2-8-6/src/LYCgi.c 2008-11-06 15:30:53.000000000 +0100
@@ -165,7 +165,7 @@ static BOOL can_exec_cgi(const char *lin
if (!exec_ok(HTLoadedDocumentURL(), linktext, CGI_PATH)) {
/* exec_ok gives out msg. */
result = FALSE;
- } else if (user_mode < ADVANCED_MODE) {
+ } else {
StrAllocCopy(command, linktext);
if (non_empty(linkargs)) {
HTSprintf(&command, " %s", linkargs);
--- lynx2-8-5.orig/lynx.cfg 2008-10-26 21:45:02.000000000 +0100
+++ lynx2-8-5/lynx.cfg 2008-10-26 21:45:38.000000000 +0100
@@ -997,7 +997,7 @@ CHARACTER_SET:utf-8
# ====
# Do not define this.
#
-#TRUSTED_LYNXCGI:none
+TRUSTED_LYNXCGI:none
.h2 LYNXCGI_ENVIRONMENT
Index: lynx.spec
===================================================================
RCS file: /cvs/extras/rpms/lynx/F-8/lynx.spec,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- lynx.spec 30 May 2008 11:08:26 -0000 1.48
+++ lynx.spec 10 Nov 2008 12:14:44 -0000 1.49
@@ -1,7 +1,7 @@
Summary: A text-based Web browser
Name: lynx
Version: 2.8.6
-Release: 11%{?dist}
+Release: 12%{?dist}
License: GPL
Group: Applications/Internet
Source: http://lynx.isc.org/current/lynx%{version}.tar.bz2
@@ -11,6 +11,7 @@
Patch2: lynx-2.8.6-options.patch
Patch3: lynx-2.8.6-backgrcolor.patch
Patch4: lynx-2.8.6-fmt_string.patch
+Patch5: lynx-CVE-2008-4690.patch
Requires: indexhtml
Provides: webclient
Provides: text-www-browser
@@ -31,6 +32,7 @@
%patch2 -p1 -b .opt
%patch3 -p1 -b .bgcol
%patch4 -p1 -b .fmt_string
+%patch5 -p1 -b .CVE-2008-4690
perl -pi -e "s,^HELPFILE:.*,HELPFILE:file://localhost/usr/share/doc/lynx-%{version}/lynx_help/lynx_help_main.html,g" lynx.cfg
perl -pi -e "s,^DEFAULT_INDEX_FILE:.*,DEFAULT_INDEX_FILE:http://www.google.com/,g" lynx.cfg
perl -pi -e 's,^#LOCALE_CHARSET:.*,LOCALE_CHARSET:TRUE,' lynx.cfg
@@ -102,6 +104,10 @@
%config(noreplace,missingok) %{_sysconfdir}/lynx-site.cfg
%changelog
+* Mon Nov 10 2008 Jiri Moskovcak <jmoskovc at redhat.com> - 2.8.6-12
+- Fixed CVE-2008-4690 lynx: remote arbitrary command execution.
+ via a crafted lynxcgi: URL (thoger)
+
* Fri May 30 2008 Jiri Moskovcak <jmoskovc at redhat.com> - 2.8.6-11
- updated to latest upstream version 2.8.6rel5
- Resolves: #214205
More information about the fedora-extras-commits
mailing list