| ||||||||||||||||
Ubuntu alert USN-206-1 (lynx)
=========================================================== Ubuntu Security Notice USN-206-1 October 17, 2005 lynx vulnerability CAN-2005-3120 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: lynx The problem can be corrected by upgrading the affected package to version 2.8.5-1ubuntu1.1 (for Ubuntu 4.10), 2.8.5-2ubuntu0.5.04 (for Ubuntu 5.04), or 2.8.5-2ubuntu0.5.10 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Ulf Harnhammar discovered a remote vulnerability in Lynx when connecting to a news server (NNTP). The function that added missing escape chararacters to article headers did not check the size of the target buffer. Specially crafted news entries could trigger a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user running lynx. In order to exploit this, the user is not even required to actively visit a news site with Lynx since a malicious HTML page could automatically redirect to an nntp:// URL with malicious news items. Updated packages for Ubuntu 4.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2... Size/MD5: 17668 c5251ad9cead60e416cf21a461371877 http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2... Size/MD5: 620 4b4310912f7f76fe01cf8312707be244 http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2... Size/MD5: 2984352 5f516a10596bd52c677f9bfd9579bc28 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2... Size/MD5: 1882872 8be361fa3eead1e76cbbf2426c255c8b i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2... Size/MD5: 1833368 d481856973186dd5d432e1102c49a917 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2... Size/MD5: 1878484 1496a6331a4666295bd89703e509037a Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2... Size/MD5: 18015 6171994c6c8f67d84267aa69d00ba292 http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2... Size/MD5: 626 08ff9f5a955222f051e4e78101ef7c40 http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2... Size/MD5: 2984352 5f516a10596bd52c677f9bfd9579bc28 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2... Size/MD5: 1881886 74bc70c3731c903e69fd74eb0a6d2d68 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2... Size/MD5: 1832038 f2e333289856566f93f19ca8fd0c5dfd powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2... Size/MD5: 1878380 6440d4eae5fadef31aaf21c5396ef401 Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2... Size/MD5: 18015 0f7b6e508094dabd59bee9018b368523 http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2... Size/MD5: 626 2a90195b05000a7f318eb04386d1ad1c http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2... Size/MD5: 2984352 5f516a10596bd52c677f9bfd9579bc28 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2... Size/MD5: 1901120 c2e0da03f20b892aaea81d0f0588f7b1 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2... Size/MD5: 1833214 7c021c0b0667d3aedc8479579d52e5ad powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2... Size/MD5: 1881080 5ef72d193817f616e99f01113f6053dd -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-... (Log in to post comments)
|
||||||||||||||||