Skip to navigation

Security Advisory lynx security update

Advisory: RHSA-2005:803-4
Type: Security Advisory
Severity: Critical
Issued on: 2005-10-17
Last updated on: 2005-10-17
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2005-3120

Details

An updated lynx package that corrects a security flaw is now available.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Lynx is a text-based Web browser.

Ulf Harnhammar discovered a stack overflow bug in Lynx when handling
connections to NNTP (news) servers. An attacker could create a web page
redirecting to a malicious news server which could execute arbitrary code
as the user running lynx. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-3120 to this issue.

Users should update to this erratum package, which contains a backported
patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
lynx-2.8.5-11.1.src.rpm
File outdated by:  RHSA-2008:0965		     MD5: ca0e6cecdbe5d962ba2e0e25906f06c3
 
IA-32:
lynx-2.8.5-11.1.i386.rpm
File outdated by:  RHSA-2008:0965		     MD5: 4fbf85314f748e70d688d4ef9f1ff039
 
x86_64:
lynx-2.8.5-11.1.x86_64.rpm
File outdated by:  RHSA-2008:0965		     MD5: d5b28eee28b96bfc485c931bc70f6c8a
 
Red Hat Desktop (v. 4)
SRPMS:
lynx-2.8.5-18.1.src.rpm
File outdated by:  RHSA-2008:0965		     MD5: ffba2de47eba8a232bc7105f5cbefd3d
 
IA-32:
lynx-2.8.5-18.1.i386.rpm
File outdated by:  RHSA-2008:0965		     MD5: 4513cdfc3723631c7782f6352cdc6b15
 
x86_64:
lynx-2.8.5-18.1.x86_64.rpm
File outdated by:  RHSA-2008:0965		     MD5: 02db15ab7e3205f8909e6f7e859f84f3
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
lynx-2.8.4-18.1.1.src.rpm
File outdated by:  RHSA-2008:0965		     MD5: 60a69f80b73d527c0245b4ed65a5cbb7
 
IA-32:
lynx-2.8.4-18.1.1.i386.rpm
File outdated by:  RHSA-2008:0965		     MD5: 0d17fa55fcb0d090b95b70aee84b9d32
 
IA-64:
lynx-2.8.4-18.1.1.ia64.rpm
File outdated by:  RHSA-2008:0965		     MD5: c6bf49b71290710e76a3e188d45a5c96
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
lynx-2.8.5-11.1.src.rpm
File outdated by:  RHSA-2008:0965		     MD5: ca0e6cecdbe5d962ba2e0e25906f06c3
 
IA-32:
lynx-2.8.5-11.1.i386.rpm
File outdated by:  RHSA-2008:0965		     MD5: 4fbf85314f748e70d688d4ef9f1ff039
 
IA-64:
lynx-2.8.5-11.1.ia64.rpm
File outdated by:  RHSA-2008:0965		     MD5: 78719dbe540537935c8ff0580a2e0d81
 
PPC:
lynx-2.8.5-11.1.ppc.rpm
File outdated by:  RHSA-2008:0965		     MD5: f2eac36b447292abc662862220bfb06a
 
s390:
lynx-2.8.5-11.1.s390.rpm
File outdated by:  RHSA-2008:0965		     MD5: 0a54265e85c70269d716143f516ba4c8
 
s390x:
lynx-2.8.5-11.1.s390x.rpm
File outdated by:  RHSA-2008:0965		     MD5: e6954205d07620602060a637f256427b
 
x86_64:
lynx-2.8.5-11.1.x86_64.rpm
File outdated by:  RHSA-2008:0965		     MD5: d5b28eee28b96bfc485c931bc70f6c8a
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
lynx-2.8.5-18.1.src.rpm
File outdated by:  RHSA-2008:0965		     MD5: ffba2de47eba8a232bc7105f5cbefd3d
 
IA-32:
lynx-2.8.5-18.1.i386.rpm
File outdated by:  RHSA-2008:0965		     MD5: 4513cdfc3723631c7782f6352cdc6b15
 
IA-64:
lynx-2.8.5-18.1.ia64.rpm
File outdated by:  RHSA-2008:0965		     MD5: 8e3a4b2cc33e6df7fef19930cc691989
 
PPC:
lynx-2.8.5-18.1.ppc.rpm
File outdated by:  RHSA-2008:0965		     MD5: e6e33d53c3eca23c054c697b2c950bde
 
s390:
lynx-2.8.5-18.1.s390.rpm
File outdated by:  RHSA-2008:0965		     MD5: 03c82d440c67572bf89a32af3b736794
 
s390x:
lynx-2.8.5-18.1.s390x.rpm
File outdated by:  RHSA-2008:0965		     MD5: b6c47ed03460baeeab046340e937c857
 
x86_64:
lynx-2.8.5-18.1.x86_64.rpm
File outdated by:  RHSA-2008:0965		     MD5: 02db15ab7e3205f8909e6f7e859f84f3
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
lynx-2.8.4-18.1.1.src.rpm
File outdated by:  RHSA-2008:0965		     MD5: 60a69f80b73d527c0245b4ed65a5cbb7
 
IA-32:
lynx-2.8.4-18.1.1.i386.rpm
File outdated by:  RHSA-2008:0965		     MD5: 0d17fa55fcb0d090b95b70aee84b9d32
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
lynx-2.8.5-11.1.src.rpm
File outdated by:  RHSA-2008:0965		     MD5: ca0e6cecdbe5d962ba2e0e25906f06c3
 
IA-32:
lynx-2.8.5-11.1.i386.rpm
File outdated by:  RHSA-2008:0965		     MD5: 4fbf85314f748e70d688d4ef9f1ff039
 
IA-64:
lynx-2.8.5-11.1.ia64.rpm
File outdated by:  RHSA-2008:0965		     MD5: 78719dbe540537935c8ff0580a2e0d81
 
x86_64:
lynx-2.8.5-11.1.x86_64.rpm
File outdated by:  RHSA-2008:0965		     MD5: d5b28eee28b96bfc485c931bc70f6c8a
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
lynx-2.8.5-18.1.src.rpm
File outdated by:  RHSA-2008:0965		     MD5: ffba2de47eba8a232bc7105f5cbefd3d
 
IA-32:
lynx-2.8.5-18.1.i386.rpm
File outdated by:  RHSA-2008:0965		     MD5: 4513cdfc3723631c7782f6352cdc6b15
 
IA-64:
lynx-2.8.5-18.1.ia64.rpm
File outdated by:  RHSA-2008:0965		     MD5: 8e3a4b2cc33e6df7fef19930cc691989
 
x86_64:
lynx-2.8.5-18.1.x86_64.rpm
File outdated by:  RHSA-2008:0965		     MD5: 02db15ab7e3205f8909e6f7e859f84f3
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
lynx-2.8.4-18.1.1.src.rpm
File outdated by:  RHSA-2008:0965		     MD5: 60a69f80b73d527c0245b4ed65a5cbb7
 
IA-32:
lynx-2.8.4-18.1.1.i386.rpm
File outdated by:  RHSA-2008:0965		     MD5: 0d17fa55fcb0d090b95b70aee84b9d32
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
lynx-2.8.5-11.1.src.rpm
File outdated by:  RHSA-2008:0965		     MD5: ca0e6cecdbe5d962ba2e0e25906f06c3
 
IA-32:
lynx-2.8.5-11.1.i386.rpm
File outdated by:  RHSA-2008:0965		     MD5: 4fbf85314f748e70d688d4ef9f1ff039
 
IA-64:
lynx-2.8.5-11.1.ia64.rpm
File outdated by:  RHSA-2008:0965		     MD5: 78719dbe540537935c8ff0580a2e0d81
 
x86_64:
lynx-2.8.5-11.1.x86_64.rpm
File outdated by:  RHSA-2008:0965		     MD5: d5b28eee28b96bfc485c931bc70f6c8a
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
lynx-2.8.5-18.1.src.rpm
File outdated by:  RHSA-2008:0965		     MD5: ffba2de47eba8a232bc7105f5cbefd3d
 
IA-32:
lynx-2.8.5-18.1.i386.rpm
File outdated by:  RHSA-2008:0965		     MD5: 4513cdfc3723631c7782f6352cdc6b15
 
IA-64:
lynx-2.8.5-18.1.ia64.rpm
File outdated by:  RHSA-2008:0965		     MD5: 8e3a4b2cc33e6df7fef19930cc691989
 
x86_64:
lynx-2.8.5-18.1.x86_64.rpm
File outdated by:  RHSA-2008:0965		     MD5: 02db15ab7e3205f8909e6f7e859f84f3
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
lynx-2.8.4-18.1.1.src.rpm
File outdated by:  RHSA-2008:0965		     MD5: 60a69f80b73d527c0245b4ed65a5cbb7
 
IA-64:
lynx-2.8.4-18.1.1.ia64.rpm
File outdated by:  RHSA-2008:0965		     MD5: c6bf49b71290710e76a3e188d45a5c96
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

170253 - CAN-2005-3120 lynx buffer overflow


References

https://www.redhat.com/security/data/cve/CVE-2005-3120.html

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/