[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Censorware Summit Take II, from The Netly News




On Fri, Jul 18, 1997 at 02:48:15PM -0700, Alan wrote:
> 
> Get the new version of Lynx. (2.7?)  It does a better job of handling
> frames.

You should get it anyway, because of serious security related bug:

                    Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________
 
                             INFORMATION BULLETIN
 
               Lynx Temporary Files & LYDownload.c Vulnerabilities
 
July 16, 1997 16:00 GMT                                            
Number H-82
______________________________________________________________________________
PROBLEM:       Two vulnerabilities exist for Lynx: 1) temporary 
files, and
               2) LYDownload.c.
PLATFORM:      All Unix or Unix-like systems running Lynx up to and including
               version 2.7.1
DAMAGE:        1) May allow local users to gain root privileges.
               2) This vulnerability may be exploited by anyone who 
can provide
                  Lynx a carefully crafted URL.
SOLUTION:      Apply patches or workarounds listed below.

[...]  

-- 
Kent Crispin				"No reason to get excited",
[email protected]			the thief he kindly spoke...
PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html