Skip to navigation

Security Advisory Moderate: elinks security update

Advisory: RHSA-2013:0250-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-02-11
Last updated on: 2013-02-11
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux EUS (v. 5.9.z server)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Long Life (v. 5.9 server)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.3.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2012-4545

Details

An updated elinks package that fixes one security issue is now available
for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

ELinks is a text-based web browser. ELinks does not display any images, but
it does support frames, tables, and most other HTML tags.

It was found that ELinks performed client credentials delegation during the
client-to-server GSS security mechanisms negotiation. A rogue server could
use this flaw to obtain the client's credentials and impersonate that
client to other servers that are using GSSAPI. (CVE-2012-4545)

This issue was discovered by Marko Myllynen of Red Hat.

All ELinks users are advised to upgrade to this updated package, which
contains a backported patch to resolve the issue.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
elinks-0.11.1-8.el5_9.src.rpm     MD5: 540b5c29062da0e6935b1ad67853a982
SHA-256: 62023829fe1efac3194a8fb967a4cf763933fc53f0965375dc8e6cd259c58ac6
 
IA-32:
elinks-0.11.1-8.el5_9.i386.rpm     MD5: 3d330dd121bb5019cd9db1455b72668b
SHA-256: 42302cbac6cbb3d8c311fe4dfcccd9605995c10d649635528b4b629399e301c9
elinks-debuginfo-0.11.1-8.el5_9.i386.rpm     MD5: 1e6efc28084e6d5e0446ca63a4d8fd66
SHA-256: 6464160d1761cb91840febd8acff73e8f53def68e3bcba75301dc6a50cdc8f01
 
IA-64:
elinks-0.11.1-8.el5_9.ia64.rpm     MD5: 6c4eda0947089728ff1f48cbe907a1ad
SHA-256: 90eb1ecdbce218d54a571b00673da1488a73f3829c25f3ff220ffbe07b89d9a9
elinks-debuginfo-0.11.1-8.el5_9.ia64.rpm     MD5: 8d64100f769dc36ab1abb9039c1dce18
SHA-256: 038d6a3e1ce51d14db0d8de522b923410321a17733a450339c2245f67c0d4ef4
 
PPC:
elinks-0.11.1-8.el5_9.ppc.rpm     MD5: 5a3fc0d6e918fdc48bed99ae9430bfbc
SHA-256: ff2f9e53d86283f9e3b6c0bcc2845a01ecf020ac0006730f1a681e505948eae4
elinks-debuginfo-0.11.1-8.el5_9.ppc.rpm     MD5: 96bfcf75531ed0312a88c8a6fcf62101
SHA-256: 44a3f50b5d3e2f950f8f04eb949ddeebea15a38466fc9057c32a9fc17c80bc78
 
s390x:
elinks-0.11.1-8.el5_9.s390x.rpm     MD5: 5b3837107ccfef62f1068de9d2abfa1c
SHA-256: e89f813619fd487a102cf8e1456b550676c241557cb406b5de1d90393c8d8628
elinks-debuginfo-0.11.1-8.el5_9.s390x.rpm     MD5: 18fe5c6ef9f7bdd583189cad4038e677
SHA-256: a347147717062b99bbbbd8c5ce9cf9f00594176dacff8d207091148b38dfd7c3
 
x86_64:
elinks-0.11.1-8.el5_9.x86_64.rpm     MD5: dc430d334a0add0296b839b092ff8cc3
SHA-256: f12c9f77bfbae7d57a972a09e48410cc0c1adb4da0ec522de7a014431cf2087d
elinks-debuginfo-0.11.1-8.el5_9.x86_64.rpm     MD5: 6dae168a4aa2dda1db68ec0f6ebb625e
SHA-256: 443593021808f9f08a1547fd3da2f0a24e2b8e2e9e479f3b37f74c6db97e3688
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
elinks-0.11.1-8.el5_9.src.rpm     MD5: 540b5c29062da0e6935b1ad67853a982
SHA-256: 62023829fe1efac3194a8fb967a4cf763933fc53f0965375dc8e6cd259c58ac6
 
IA-32:
elinks-0.11.1-8.el5_9.i386.rpm     MD5: 3d330dd121bb5019cd9db1455b72668b
SHA-256: 42302cbac6cbb3d8c311fe4dfcccd9605995c10d649635528b4b629399e301c9
elinks-debuginfo-0.11.1-8.el5_9.i386.rpm     MD5: 1e6efc28084e6d5e0446ca63a4d8fd66
SHA-256: 6464160d1761cb91840febd8acff73e8f53def68e3bcba75301dc6a50cdc8f01
 
x86_64:
elinks-0.11.1-8.el5_9.x86_64.rpm     MD5: dc430d334a0add0296b839b092ff8cc3
SHA-256: f12c9f77bfbae7d57a972a09e48410cc0c1adb4da0ec522de7a014431cf2087d
elinks-debuginfo-0.11.1-8.el5_9.x86_64.rpm     MD5: 6dae168a4aa2dda1db68ec0f6ebb625e
SHA-256: 443593021808f9f08a1547fd3da2f0a24e2b8e2e9e479f3b37f74c6db97e3688
 
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
elinks-0.12-0.21.pre5.el6_3.src.rpm     MD5: 60238d703be251744f7d85a9dd14ba85
SHA-256: 0aff65823d2a6ad63891d11942612e9c128ae29d9d129057343777bdf8ad91c3
 
IA-32:
elinks-0.12-0.21.pre5.el6_3.i686.rpm     MD5: bca72758320d3e134793026e8314f4f1
SHA-256: 133a8c89c5fb8625e525f7a0a9de0a793f78cf64c3680bcf9c00eff2867a3f95
elinks-debuginfo-0.12-0.21.pre5.el6_3.i686.rpm     MD5: cc9222e880d7e0f9557f63e435a44f66
SHA-256: 5843133cd79e9aea3f547c9c53a881d4692481671ccdf1af5db587b0b0351348
 
x86_64:
elinks-0.12-0.21.pre5.el6_3.x86_64.rpm     MD5: 8ead16ec11eac262f11aac62bfecaffb
SHA-256: 1a48d89768d68056af53c3c9023b0555a6723bb210eff308e3942f2fe5b0ab12
elinks-debuginfo-0.12-0.21.pre5.el6_3.x86_64.rpm     MD5: aa36ef643741a2f3b635b09e1c044bb7
SHA-256: 574323587c141504316ac8f22228459c5eaf12ac70c38f7d54445384ac2dbd64
 
Red Hat Enterprise Linux EUS (v. 5.9.z server)

SRPMS:
elinks-0.11.1-8.el5_9.src.rpm     MD5: 540b5c29062da0e6935b1ad67853a982
SHA-256: 62023829fe1efac3194a8fb967a4cf763933fc53f0965375dc8e6cd259c58ac6
 
IA-32:
elinks-0.11.1-8.el5_9.i386.rpm     MD5: 3d330dd121bb5019cd9db1455b72668b
SHA-256: 42302cbac6cbb3d8c311fe4dfcccd9605995c10d649635528b4b629399e301c9
elinks-debuginfo-0.11.1-8.el5_9.i386.rpm     MD5: 1e6efc28084e6d5e0446ca63a4d8fd66
SHA-256: 6464160d1761cb91840febd8acff73e8f53def68e3bcba75301dc6a50cdc8f01
 
IA-64:
elinks-0.11.1-8.el5_9.ia64.rpm     MD5: 6c4eda0947089728ff1f48cbe907a1ad
SHA-256: 90eb1ecdbce218d54a571b00673da1488a73f3829c25f3ff220ffbe07b89d9a9
elinks-debuginfo-0.11.1-8.el5_9.ia64.rpm     MD5: 8d64100f769dc36ab1abb9039c1dce18
SHA-256: 038d6a3e1ce51d14db0d8de522b923410321a17733a450339c2245f67c0d4ef4
 
PPC:
elinks-0.11.1-8.el5_9.ppc.rpm     MD5: 5a3fc0d6e918fdc48bed99ae9430bfbc
SHA-256: ff2f9e53d86283f9e3b6c0bcc2845a01ecf020ac0006730f1a681e505948eae4
elinks-debuginfo-0.11.1-8.el5_9.ppc.rpm     MD5: 96bfcf75531ed0312a88c8a6fcf62101
SHA-256: 44a3f50b5d3e2f950f8f04eb949ddeebea15a38466fc9057c32a9fc17c80bc78
 
s390x:
elinks-0.11.1-8.el5_9.s390x.rpm     MD5: 5b3837107ccfef62f1068de9d2abfa1c
SHA-256: e89f813619fd487a102cf8e1456b550676c241557cb406b5de1d90393c8d8628
elinks-debuginfo-0.11.1-8.el5_9.s390x.rpm     MD5: 18fe5c6ef9f7bdd583189cad4038e677
SHA-256: a347147717062b99bbbbd8c5ce9cf9f00594176dacff8d207091148b38dfd7c3
 
x86_64:
elinks-0.11.1-8.el5_9.x86_64.rpm     MD5: dc430d334a0add0296b839b092ff8cc3
SHA-256: f12c9f77bfbae7d57a972a09e48410cc0c1adb4da0ec522de7a014431cf2087d
elinks-debuginfo-0.11.1-8.el5_9.x86_64.rpm     MD5: 6dae168a4aa2dda1db68ec0f6ebb625e
SHA-256: 443593021808f9f08a1547fd3da2f0a24e2b8e2e9e479f3b37f74c6db97e3688
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
elinks-0.12-0.21.pre5.el6_3.src.rpm     MD5: 60238d703be251744f7d85a9dd14ba85
SHA-256: 0aff65823d2a6ad63891d11942612e9c128ae29d9d129057343777bdf8ad91c3
 
x86_64:
elinks-0.12-0.21.pre5.el6_3.x86_64.rpm     MD5: 8ead16ec11eac262f11aac62bfecaffb
SHA-256: 1a48d89768d68056af53c3c9023b0555a6723bb210eff308e3942f2fe5b0ab12
elinks-debuginfo-0.12-0.21.pre5.el6_3.x86_64.rpm     MD5: aa36ef643741a2f3b635b09e1c044bb7
SHA-256: 574323587c141504316ac8f22228459c5eaf12ac70c38f7d54445384ac2dbd64
 
Red Hat Enterprise Linux Long Life (v. 5.9 server)

SRPMS:
elinks-0.11.1-8.el5_9.src.rpm     MD5: 540b5c29062da0e6935b1ad67853a982
SHA-256: 62023829fe1efac3194a8fb967a4cf763933fc53f0965375dc8e6cd259c58ac6
 
IA-32:
elinks-0.11.1-8.el5_9.i386.rpm     MD5: 3d330dd121bb5019cd9db1455b72668b
SHA-256: 42302cbac6cbb3d8c311fe4dfcccd9605995c10d649635528b4b629399e301c9
elinks-debuginfo-0.11.1-8.el5_9.i386.rpm     MD5: 1e6efc28084e6d5e0446ca63a4d8fd66
SHA-256: 6464160d1761cb91840febd8acff73e8f53def68e3bcba75301dc6a50cdc8f01
 
IA-64:
elinks-0.11.1-8.el5_9.ia64.rpm     MD5: 6c4eda0947089728ff1f48cbe907a1ad
SHA-256: 90eb1ecdbce218d54a571b00673da1488a73f3829c25f3ff220ffbe07b89d9a9
elinks-debuginfo-0.11.1-8.el5_9.ia64.rpm     MD5: 8d64100f769dc36ab1abb9039c1dce18
SHA-256: 038d6a3e1ce51d14db0d8de522b923410321a17733a450339c2245f67c0d4ef4
 
x86_64:
elinks-0.11.1-8.el5_9.x86_64.rpm     MD5: dc430d334a0add0296b839b092ff8cc3
SHA-256: f12c9f77bfbae7d57a972a09e48410cc0c1adb4da0ec522de7a014431cf2087d
elinks-debuginfo-0.11.1-8.el5_9.x86_64.rpm     MD5: 6dae168a4aa2dda1db68ec0f6ebb625e
SHA-256: 443593021808f9f08a1547fd3da2f0a24e2b8e2e9e479f3b37f74c6db97e3688
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
elinks-0.12-0.21.pre5.el6_3.src.rpm     MD5: 60238d703be251744f7d85a9dd14ba85
SHA-256: 0aff65823d2a6ad63891d11942612e9c128ae29d9d129057343777bdf8ad91c3
 
IA-32:
elinks-0.12-0.21.pre5.el6_3.i686.rpm     MD5: bca72758320d3e134793026e8314f4f1
SHA-256: 133a8c89c5fb8625e525f7a0a9de0a793f78cf64c3680bcf9c00eff2867a3f95
elinks-debuginfo-0.12-0.21.pre5.el6_3.i686.rpm     MD5: cc9222e880d7e0f9557f63e435a44f66
SHA-256: 5843133cd79e9aea3f547c9c53a881d4692481671ccdf1af5db587b0b0351348
 
PPC:
elinks-0.12-0.21.pre5.el6_3.ppc64.rpm     MD5: a4679cf58163788476086f467897981e
SHA-256: 3eaee5351d0da08e3ee9bb4294c1fb73a440c2ae7cc2623822791fd19dc0729e
elinks-debuginfo-0.12-0.21.pre5.el6_3.ppc64.rpm     MD5: add7abeba59589e0944c791ffb07fee0
SHA-256: bd942ef09cc0cd73db35668ff1dcce03eb86ba944b97659c26308ba92f95658c
 
s390x:
elinks-0.12-0.21.pre5.el6_3.s390x.rpm     MD5: 7985bd43e200081a7473cf8367ce3433
SHA-256: 2c690b2f94c400cee07c6fb95f827287b60f216ecbc82db2c41d5e7f4176e35e
elinks-debuginfo-0.12-0.21.pre5.el6_3.s390x.rpm     MD5: 9af38dc68bd7c6b2312270157403426d
SHA-256: cf44bd5e86a6251a3f7978f771c6dded07a447f99009292dd56f97221a5bb122
 
x86_64:
elinks-0.12-0.21.pre5.el6_3.x86_64.rpm     MD5: 8ead16ec11eac262f11aac62bfecaffb
SHA-256: 1a48d89768d68056af53c3c9023b0555a6723bb210eff308e3942f2fe5b0ab12
elinks-debuginfo-0.12-0.21.pre5.el6_3.x86_64.rpm     MD5: aa36ef643741a2f3b635b09e1c044bb7
SHA-256: 574323587c141504316ac8f22228459c5eaf12ac70c38f7d54445384ac2dbd64
 
Red Hat Enterprise Linux Server EUS (v. 6.3.z)

SRPMS:
elinks-0.12-0.21.pre5.el6_3.src.rpm     MD5: 60238d703be251744f7d85a9dd14ba85
SHA-256: 0aff65823d2a6ad63891d11942612e9c128ae29d9d129057343777bdf8ad91c3
 
IA-32:
elinks-0.12-0.21.pre5.el6_3.i686.rpm     MD5: bca72758320d3e134793026e8314f4f1
SHA-256: 133a8c89c5fb8625e525f7a0a9de0a793f78cf64c3680bcf9c00eff2867a3f95
elinks-debuginfo-0.12-0.21.pre5.el6_3.i686.rpm     MD5: cc9222e880d7e0f9557f63e435a44f66
SHA-256: 5843133cd79e9aea3f547c9c53a881d4692481671ccdf1af5db587b0b0351348
 
PPC:
elinks-0.12-0.21.pre5.el6_3.ppc64.rpm     MD5: a4679cf58163788476086f467897981e
SHA-256: 3eaee5351d0da08e3ee9bb4294c1fb73a440c2ae7cc2623822791fd19dc0729e
elinks-debuginfo-0.12-0.21.pre5.el6_3.ppc64.rpm     MD5: add7abeba59589e0944c791ffb07fee0
SHA-256: bd942ef09cc0cd73db35668ff1dcce03eb86ba944b97659c26308ba92f95658c
 
s390x:
elinks-0.12-0.21.pre5.el6_3.s390x.rpm     MD5: 7985bd43e200081a7473cf8367ce3433
SHA-256: 2c690b2f94c400cee07c6fb95f827287b60f216ecbc82db2c41d5e7f4176e35e
elinks-debuginfo-0.12-0.21.pre5.el6_3.s390x.rpm     MD5: 9af38dc68bd7c6b2312270157403426d
SHA-256: cf44bd5e86a6251a3f7978f771c6dded07a447f99009292dd56f97221a5bb122
 
x86_64:
elinks-0.12-0.21.pre5.el6_3.x86_64.rpm     MD5: 8ead16ec11eac262f11aac62bfecaffb
SHA-256: 1a48d89768d68056af53c3c9023b0555a6723bb210eff308e3942f2fe5b0ab12
elinks-debuginfo-0.12-0.21.pre5.el6_3.x86_64.rpm     MD5: aa36ef643741a2f3b635b09e1c044bb7
SHA-256: 574323587c141504316ac8f22228459c5eaf12ac70c38f7d54445384ac2dbd64
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
elinks-0.12-0.21.pre5.el6_3.src.rpm     MD5: 60238d703be251744f7d85a9dd14ba85
SHA-256: 0aff65823d2a6ad63891d11942612e9c128ae29d9d129057343777bdf8ad91c3
 
IA-32:
elinks-0.12-0.21.pre5.el6_3.i686.rpm     MD5: bca72758320d3e134793026e8314f4f1
SHA-256: 133a8c89c5fb8625e525f7a0a9de0a793f78cf64c3680bcf9c00eff2867a3f95
elinks-debuginfo-0.12-0.21.pre5.el6_3.i686.rpm     MD5: cc9222e880d7e0f9557f63e435a44f66
SHA-256: 5843133cd79e9aea3f547c9c53a881d4692481671ccdf1af5db587b0b0351348
 
x86_64:
elinks-0.12-0.21.pre5.el6_3.x86_64.rpm     MD5: 8ead16ec11eac262f11aac62bfecaffb
SHA-256: 1a48d89768d68056af53c3c9023b0555a6723bb210eff308e3942f2fe5b0ab12
elinks-debuginfo-0.12-0.21.pre5.el6_3.x86_64.rpm     MD5: aa36ef643741a2f3b635b09e1c044bb7
SHA-256: 574323587c141504316ac8f22228459c5eaf12ac70c38f7d54445384ac2dbd64
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

864566 - CVE-2012-4545 elinks: Improper delegation of client credentials during GSS negotiation


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/