[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Censorware Summit Take II, from The Netly News
On Fri, Jul 18, 1997 at 02:48:15PM -0700, Alan wrote:
>
> Get the new version of Lynx. (2.7?) It does a better job of handling
> frames.
You should get it anyway, because of serious security related bug:
Computer Incident Advisory Capability
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
__________________________________________________________
INFORMATION BULLETIN
Lynx Temporary Files & LYDownload.c Vulnerabilities
July 16, 1997 16:00 GMT
Number H-82
______________________________________________________________________________
PROBLEM: Two vulnerabilities exist for Lynx: 1) temporary
files, and
2) LYDownload.c.
PLATFORM: All Unix or Unix-like systems running Lynx up to and including
version 2.7.1
DAMAGE: 1) May allow local users to gain root privileges.
2) This vulnerability may be exploited by anyone who
can provide
Lynx a carefully crafted URL.
SOLUTION: Apply patches or workarounds listed below.
[...]
--
Kent Crispin "No reason to get excited",
[email protected] the thief he kindly spoke...
PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html