User: Password:
|
|
Subscribe / Log in / New account

Scientific Linux alert SL-elin-20130211 (elinks)

From:  Pat Riehecky <riehecky@fnal.gov>
To:  "SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV" <SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV>
Subject:  Security ERRATA Moderate: elinks on SL5.x, SL6.x i386/x86_64
Date:  Mon, 11 Feb 2013 14:03:23 -0600
Message-ID:  <51194E8B.3040009@fnal.gov>
Archive-link:  Article, Thread

Synopsis: Moderate: elinks security update Issue Date: 2013-02-11 CVE Numbers: CVE-2012-4545 -- It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2012-4545) -- SL5 x86_64 elinks-0.11.1-8.el5_9.x86_64.rpm elinks-debuginfo-0.11.1-8.el5_9.x86_64.rpm i386 elinks-0.11.1-8.el5_9.i386.rpm elinks-debuginfo-0.11.1-8.el5_9.i386.rpm SL6 x86_64 elinks-0.12-0.21.pre5.el6_3.x86_64.rpm elinks-debuginfo-0.12-0.21.pre5.el6_3.x86_64.rpm i386 elinks-0.12-0.21.pre5.el6_3.i686.rpm elinks-debuginfo-0.12-0.21.pre5.el6_3.i686.rpm - Scientific Linux Development Team


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds