Skip to navigation

Security Advisory Critical: elinks security update

Advisory: RHSA-2006:0742-5
Type: Security Advisory
Severity: Critical
Issued on: 2006-11-15
Last updated on: 2006-11-15
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2006-5925

Details

An updated elinks package that corrects a security vulnerability is now
available for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Elinks is a text mode Web browser used from the command line that supports
rendering modern web pages.

An arbitrary file access flaw was found in the Elinks SMB protocol handler.
A malicious web page could have caused Elinks to read or write files with
the permissions of the user running Elinks. (CVE-2006-5925)

All users of Elinks are advised to upgrade to this updated package, which
resolves this issue by removing support for the SMB protocol from Elinks.

Note: this issue did not affect the Elinks package shipped with Red Hat
Enterprise Linux 3, or the Links package shipped with Red Hat Enterprise
Linux 2.1.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)
SRPMS:
elinks-0.9.2-3.3.src.rpm
File outdated by:  RHSA-2009:1471		     MD5: 643211bd98a9d92223bedbc69f71d68c
 
IA-32:
elinks-0.9.2-3.3.i386.rpm
File outdated by:  RHSA-2009:1471		     MD5: 700134005525634e35dc940cd6d7c843
 
x86_64:
elinks-0.9.2-3.3.x86_64.rpm
File outdated by:  RHSA-2009:1471		     MD5: c9058b064da38141780a52ae4d429709
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
elinks-0.9.2-3.3.src.rpm
File outdated by:  RHSA-2009:1471		     MD5: 643211bd98a9d92223bedbc69f71d68c
 
IA-32:
elinks-0.9.2-3.3.i386.rpm
File outdated by:  RHSA-2009:1471		     MD5: 700134005525634e35dc940cd6d7c843
 
IA-64:
elinks-0.9.2-3.3.ia64.rpm
File outdated by:  RHSA-2009:1471		     MD5: 15eac414d532897f4da1ecb0063768a7
 
PPC:
elinks-0.9.2-3.3.ppc.rpm
File outdated by:  RHSA-2009:1471		     MD5: 39d20a380d0d55d6d9ac40d89e389392
 
s390:
elinks-0.9.2-3.3.s390.rpm
File outdated by:  RHSA-2009:1471		     MD5: 3fe1f629f197048d770e327f1b5ca923
 
s390x:
elinks-0.9.2-3.3.s390x.rpm
File outdated by:  RHSA-2009:1471		     MD5: 5c5129455dfbd5318477b1fc32421bb6
 
x86_64:
elinks-0.9.2-3.3.x86_64.rpm
File outdated by:  RHSA-2009:1471		     MD5: c9058b064da38141780a52ae4d429709
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
elinks-0.9.2-3.3.src.rpm
File outdated by:  RHSA-2009:1471		     MD5: 643211bd98a9d92223bedbc69f71d68c
 
IA-32:
elinks-0.9.2-3.3.i386.rpm
File outdated by:  RHSA-2009:1471		     MD5: 700134005525634e35dc940cd6d7c843
 
IA-64:
elinks-0.9.2-3.3.ia64.rpm
File outdated by:  RHSA-2009:1471		     MD5: 15eac414d532897f4da1ecb0063768a7
 
x86_64:
elinks-0.9.2-3.3.x86_64.rpm
File outdated by:  RHSA-2009:1471		     MD5: c9058b064da38141780a52ae4d429709
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
elinks-0.9.2-3.3.src.rpm
File outdated by:  RHSA-2009:1471		     MD5: 643211bd98a9d92223bedbc69f71d68c
 
IA-32:
elinks-0.9.2-3.3.i386.rpm
File outdated by:  RHSA-2009:1471		     MD5: 700134005525634e35dc940cd6d7c843
 
IA-64:
elinks-0.9.2-3.3.ia64.rpm
File outdated by:  RHSA-2009:1471		     MD5: 15eac414d532897f4da1ecb0063768a7
 
x86_64:
elinks-0.9.2-3.3.x86_64.rpm
File outdated by:  RHSA-2009:1471		     MD5: c9058b064da38141780a52ae4d429709
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

215731 - CVE-2006-5925 elinks smb protocol arbitrary file access


References

https://www.redhat.com/security/data/cve/CVE-2006-5925.html
http://marc.theaimsgroup.com/?&m=116355556512780
http://www.redhat.com/security/updates/classification/#critical

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/