A flaw was found in the way Lynx handled .mailcap and .mime.types
configuration files. If these files were present in the current
working directory, they would be loaded prior to similar files in
the user's home directory. This could allow a local attacker to
possibly execute arbitrary code as the user running Lynx, if they
could convince the user to run Lynx in a directory under their control
(CVE-2006-7234).
A vulnerability was found in the Lynxcgi: URI handler that could allow
an attacker to create a web page redirecting to a malicious URL that
would execute arbitrary code as the user running Lynx, if they were
using the non-default Advanced user mode (CVE-2008-4690).
This update corrects these issues and, in addition, makes Lynx always
prompt the user before loading a lynxcgi: URI. As well, the default
lynx.cfg configuration file marks all lynxcgi: URIs as untrusted.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2006-7234
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-4690
_______________________________________________________________________
[ MDVSA-2008:217 ] lynx
Ensimmäinen lukematon viesti • 1 viesti
• Sivu 1/1
[ MDVSA-2008:217 ] lynx
Kirjoittaja dude67 » 29 Loka 2008, 17:57
1. Mageia-1 KDE4 x86_64 (& Win7 Pro) | desktop
2. Mageia-2 KDE4 (& Win7 Home Premium) | laptop Acer 7530
3. Mageia-1 KDE4 (& Win7 Starter) | Samsung NC-10 miniläppäri
4. Mageia-1 KDE4 | serverinä toimiva desktop
Luotettavaa Linux käyttöä jo Mandriva 2006.0:sta lähtien
-
dude67 - Site Admin
- Viestit: 2256
- Liittynyt: 27 Syys 2007, 16:58
- Paikkakunta: Espoo
1 viesti
• Sivu 1/1
Paluu Mandrivan turvallisuustiedotteet
Paikallaolijat
Käyttäjiä lukemassa tätä aluetta: Ei rekisteröityneitä käyttäjiä ja 34 vierailijaa