Skip to navigation

Security Advisory lynx security update

Advisory: RHSA-2005:839-3
Type: Security Advisory
Severity: Critical
Issued on: 2005-11-11
Last updated on: 2005-11-11
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2005-2929

Details

An updated lynx package that corrects a security flaw is now available.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Lynx is a text-based Web browser.

An arbitrary command execute bug was found in the lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious URL
which could execute arbitrary code as the user running lynx. The Common
Vulnerabilities and Exposures project assigned the name CVE-2005-2929 to
this issue.

Users should update to this erratum package, which contains a backported
patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
lynx-2.8.5-11.2.src.rpm
File outdated by:  RHSA-2008:0965
    MD5: 577bcf60f5b5ccf503e8deee017f549f
 
IA-32:
lynx-2.8.5-11.2.i386.rpm
File outdated by:  RHSA-2008:0965
    MD5: 5a834d80cc25f1727582f3b9f563a414
 
x86_64:
lynx-2.8.5-11.2.x86_64.rpm
File outdated by:  RHSA-2008:0965
    MD5: 0b6242c2fcd0500fda167415def46d0a
 
Red Hat Desktop (v. 4)

SRPMS:
lynx-2.8.5-18.2.src.rpm
File outdated by:  RHSA-2008:0965
    MD5: b313e1461e8cf908c456c729fa3c06d9
 
IA-32:
lynx-2.8.5-18.2.i386.rpm
File outdated by:  RHSA-2008:0965
    MD5: 5582f24c41bba43315714ad2c587270d
 
x86_64:
lynx-2.8.5-18.2.x86_64.rpm
File outdated by:  RHSA-2008:0965
    MD5: c2502b5ba9fe8d060755826407b9d7d7
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
lynx-2.8.4-18.1.2.src.rpm
File outdated by:  RHSA-2008:0965
    MD5: bc22bfa2af84c0ce3ac1b938d2105c12
 
IA-32:
lynx-2.8.4-18.1.2.i386.rpm
File outdated by:  RHSA-2008:0965
    MD5: 92ab1fc6ad32aff2b309bdf8c6bebb30
 
IA-64:
lynx-2.8.4-18.1.2.ia64.rpm
File outdated by:  RHSA-2008:0965
    MD5: 8b59050227539bd10f525689aee035cf
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
lynx-2.8.5-11.2.src.rpm
File outdated by:  RHSA-2008:0965
    MD5: 577bcf60f5b5ccf503e8deee017f549f
 
IA-32:
lynx-2.8.5-11.2.i386.rpm
File outdated by:  RHSA-2008:0965
    MD5: 5a834d80cc25f1727582f3b9f563a414
 
IA-64:
lynx-2.8.5-11.2.ia64.rpm
File outdated by:  RHSA-2008:0965
    MD5: ef28b7c2b18882a7b560be97f6ae8560
 
PPC:
lynx-2.8.5-11.2.ppc.rpm
File outdated by:  RHSA-2008:0965
    MD5: ca4425a684a26c2a4d8bd050a3d13dba
 
s390:
lynx-2.8.5-11.2.s390.rpm
File outdated by:  RHSA-2008:0965
    MD5: 936342af3c5c168bdd6cd08342d36f1d
 
s390x:
lynx-2.8.5-11.2.s390x.rpm
File outdated by:  RHSA-2008:0965
    MD5: ec2fa46133feddb0d9c901a854643455
 
x86_64:
lynx-2.8.5-11.2.x86_64.rpm
File outdated by:  RHSA-2008:0965
    MD5: 0b6242c2fcd0500fda167415def46d0a
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
lynx-2.8.5-18.2.src.rpm
File outdated by:  RHSA-2008:0965
    MD5: b313e1461e8cf908c456c729fa3c06d9
 
IA-32:
lynx-2.8.5-18.2.i386.rpm
File outdated by:  RHSA-2008:0965
    MD5: 5582f24c41bba43315714ad2c587270d
 
IA-64:
lynx-2.8.5-18.2.ia64.rpm
File outdated by:  RHSA-2008:0965
    MD5: 402ab10ac0c79e7e82ef101cd8ffd6a4
 
PPC:
lynx-2.8.5-18.2.ppc.rpm
File outdated by:  RHSA-2008:0965
    MD5: 6566764ce7d22dcdfcb8adff4dd12c04
 
s390:
lynx-2.8.5-18.2.s390.rpm
File outdated by:  RHSA-2008:0965
    MD5: 9fa86f3a2f0858e62a6a4868afe82aec
 
s390x:
lynx-2.8.5-18.2.s390x.rpm
File outdated by:  RHSA-2008:0965
    MD5: cc810119aa66d52aff3470069cfc941d
 
x86_64:
lynx-2.8.5-18.2.x86_64.rpm
File outdated by:  RHSA-2008:0965
    MD5: c2502b5ba9fe8d060755826407b9d7d7
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
lynx-2.8.4-18.1.2.src.rpm
File outdated by:  RHSA-2008:0965
    MD5: bc22bfa2af84c0ce3ac1b938d2105c12
 
IA-32:
lynx-2.8.4-18.1.2.i386.rpm
File outdated by:  RHSA-2008:0965
    MD5: 92ab1fc6ad32aff2b309bdf8c6bebb30
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
lynx-2.8.5-11.2.src.rpm
File outdated by:  RHSA-2008:0965
    MD5: 577bcf60f5b5ccf503e8deee017f549f
 
IA-32:
lynx-2.8.5-11.2.i386.rpm
File outdated by:  RHSA-2008:0965
    MD5: 5a834d80cc25f1727582f3b9f563a414
 
IA-64:
lynx-2.8.5-11.2.ia64.rpm
File outdated by:  RHSA-2008:0965
    MD5: ef28b7c2b18882a7b560be97f6ae8560
 
x86_64:
lynx-2.8.5-11.2.x86_64.rpm
File outdated by:  RHSA-2008:0965
    MD5: 0b6242c2fcd0500fda167415def46d0a
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
lynx-2.8.5-18.2.src.rpm
File outdated by:  RHSA-2008:0965
    MD5: b313e1461e8cf908c456c729fa3c06d9
 
IA-32:
lynx-2.8.5-18.2.i386.rpm
File outdated by:  RHSA-2008:0965
    MD5: 5582f24c41bba43315714ad2c587270d
 
IA-64:
lynx-2.8.5-18.2.ia64.rpm
File outdated by:  RHSA-2008:0965
    MD5: 402ab10ac0c79e7e82ef101cd8ffd6a4
 
x86_64:
lynx-2.8.5-18.2.x86_64.rpm
File outdated by:  RHSA-2008:0965
    MD5: c2502b5ba9fe8d060755826407b9d7d7
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
lynx-2.8.4-18.1.2.src.rpm
File outdated by:  RHSA-2008:0965
    MD5: bc22bfa2af84c0ce3ac1b938d2105c12
 
IA-32:
lynx-2.8.4-18.1.2.i386.rpm
File outdated by:  RHSA-2008:0965
    MD5: 92ab1fc6ad32aff2b309bdf8c6bebb30
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
lynx-2.8.5-11.2.src.rpm
File outdated by:  RHSA-2008:0965
    MD5: 577bcf60f5b5ccf503e8deee017f549f
 
IA-32:
lynx-2.8.5-11.2.i386.rpm
File outdated by:  RHSA-2008:0965
    MD5: 5a834d80cc25f1727582f3b9f563a414
 
IA-64:
lynx-2.8.5-11.2.ia64.rpm
File outdated by:  RHSA-2008:0965
    MD5: ef28b7c2b18882a7b560be97f6ae8560
 
x86_64:
lynx-2.8.5-11.2.x86_64.rpm
File outdated by:  RHSA-2008:0965
    MD5: 0b6242c2fcd0500fda167415def46d0a
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
lynx-2.8.5-18.2.src.rpm
File outdated by:  RHSA-2008:0965
    MD5: b313e1461e8cf908c456c729fa3c06d9
 
IA-32:
lynx-2.8.5-18.2.i386.rpm
File outdated by:  RHSA-2008:0965
    MD5: 5582f24c41bba43315714ad2c587270d
 
IA-64:
lynx-2.8.5-18.2.ia64.rpm
File outdated by:  RHSA-2008:0965
    MD5: 402ab10ac0c79e7e82ef101cd8ffd6a4
 
x86_64:
lynx-2.8.5-18.2.x86_64.rpm
File outdated by:  RHSA-2008:0965
    MD5: c2502b5ba9fe8d060755826407b9d7d7
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
lynx-2.8.4-18.1.2.src.rpm
File outdated by:  RHSA-2008:0965
    MD5: bc22bfa2af84c0ce3ac1b938d2105c12
 
IA-64:
lynx-2.8.4-18.1.2.ia64.rpm
File outdated by:  RHSA-2008:0965
    MD5: 8b59050227539bd10f525689aee035cf
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

172972 - CVE-2005-2929 lynx arbitrary command execution


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/