Fedora Legacy Test Update Notification: lynx

Marc Deslauriers marcdeslauriers at videotron.ca
Tue Nov 15 05:03:29 UTC 2005 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-152832
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152832
2005-11-14
---------------------------------------------------------------------

Name        : lynx
Versions    : rh73: lynx-2.8.4-18.3.legacy
Versions    : rh9: lynx-2.8.5-11.2.legacy
Versions    : fc1: lynx-2.8.5-13.2.legacy
Versions    : fc2: lynx-2.8.5-15.2.legacy
Summary     : A text-based Web browser.
Description :
Lynx is a text-based Web browser. Lynx does not display any images,
but it does support frames, tables, and most other HTML tags. One
advantage Lynx has over graphical browsers is speed; Lynx starts and
exits quickly and swiftly displays webpages.

---------------------------------------------------------------------
Update Information:

An updated lynx package that corrects security issues is now available.

Lynx is a text-based Web browser.

An arbitrary command execute bug was found in the lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious
URL which could execute arbitrary code as the user running lynx. The
Common Vulnerabilities and Exposures project assigned the name
CVE-2005-2929 to this issue.

Ulf Harnhammar discovered a stack overflow bug in Lynx when handling
connections to NNTP (news) servers. An attacker could create a web page
redirecting to a malicious news server which could execute arbitrary
code as the user running lynx. The Common Vulnerabilities and Exposures
project assigned the name CVE-2005-3120 to this issue.

Users should update to this erratum package, which contains backported
patches to correct these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Mon Nov 14 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.8.4-18.3.legacy
- Added missing gettext to BuildRequires

* Sat Nov 12 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 2.8.4-18.2
- Patches for CVE-2005-3120 and CVE-2005-2929 (#152832)

rh9:
* Mon Nov 14 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.8.5-11.2.legacy
- Added missing gettext to BuildRequires

* Sat Nov 12 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 2.8.5-11.1.legacy
- Patches for CVE-2005-3120 and CVE-2005-2929 (#152832)

fc1:
* Mon Nov 14 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.8.5-13.2.legacy
- Added missing gettext to BuildRequires

* Sat Nov 12 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 2.8.5-13.1.legacy
- Patches for CVE-2005-3120 and CVE-2005-2929 (#152832)

fc2:
* Mon Nov 14 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.8.5-15.2.legacy
- Added missing gettext to BuildRequires

* Sat Nov 12 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 2.8.5-15.1.legacy
- Patches for CVE-2005-3120 and CVE-2005-2929 (#152832)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
f90ed394ffb119c628f30cbe24af00980e21ddec
redhat/7.3/updates-testing/i386/lynx-2.8.4-18.3.legacy.i386.rpm
ae6eccd737ca25bd411bffb3db5a4ae46b512a0f
redhat/7.3/updates-testing/SRPMS/lynx-2.8.4-18.3.legacy.src.rpm

rh9:
e3f8bdd24f77bd9122afe9550b1711ec39580c30
redhat/9/updates-testing/i386/lynx-2.8.5-11.2.legacy.i386.rpm
e6f6f18d22595b977964b03e4f820ef4c259faf4
redhat/9/updates-testing/SRPMS/lynx-2.8.5-11.2.legacy.src.rpm

fc1:
f9a79fc5425d1d853614c53c1ab158c9328c3078
fedora/1/updates-testing/i386/lynx-2.8.5-13.2.legacy.i386.rpm
6711308acdcff88c914cda153f0862253efa0b67
fedora/1/updates-testing/SRPMS/lynx-2.8.5-13.2.legacy.src.rpm

fc2:
ff7d68c03bbe5cbeac076e5153dc964b8900a8d5
fedora/2/updates-testing/i386/lynx-2.8.5-15.2.legacy.i386.rpm
e46bb7466177677c5a6032fcef7a71bc55145984
fedora/2/updates-testing/SRPMS/lynx-2.8.5-15.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20051115/966ec6cb/attachment.sig>

More information about the fedora-legacy-list mailing list