BugTraq
[SECURITY] [DSA 1076-1] New lynx packages fix denial of service May 26 2006 01:53PM
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 1076-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
May 26th, 2006 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
--

Package : lynx
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2004-1617
BugTraq ID : 11443
Debian Bug : 296340

Michal Zalewski discovered that lynx, the popular text-mode WWW
Browser, is not able to grok invalid HTML including a TEXTAREA tag
with a large COLS value and a large tag name in an element that is not
terminated, and loops forever trying to render the broken HTML.

For the old stable distribution (woody) this problem has been fixed in
version 2.8.4.1b-3.4.

For the stable distribution (sarge) this problem has been fixed in
version 2.8.5-2sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 2.8.5-2sarge2.

We recommend that you upgrade your lynx package.

Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4.ds
c
Size/MD5 checksum: 581 a9853909c61c5ef2fcc8868599f9b875
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4.di
ff.gz
Size/MD5 checksum: 16334 74bce8912c28f979c33055a012cf29d6
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b.orig.t
ar.gz
Size/MD5 checksum: 2557510 053a10f76b871e3944c11c7776da7f7a

Alpha architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_al
pha.deb
Size/MD5 checksum: 1610344 3e1ec04a0c6532506519e8051a0067b6

ARM architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_ar
m.deb
Size/MD5 checksum: 1487906 a06ad20f4d8a0ce1cc0d59a0dfa24e9b

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_i3
86.deb
Size/MD5 checksum: 1444914 cb6449afd1e3029d06606bf823e0f064

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_ia
64.deb
Size/MD5 checksum: 1762966 cb0b05d5cb148372fd2cd3d2e99843cc

HP Precision architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_hp
pa.deb
Size/MD5 checksum: 1555454 79392b2914654a7d4519247d9584e816

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_m6
8k.deb
Size/MD5 checksum: 1405980 1df4dff2fc4191ee512811e0ac42c361

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_mi
ps.deb
Size/MD5 checksum: 1508022 d5b58fc5611b1ea1d37bc5a1034478f1

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_mi
psel.deb
Size/MD5 checksum: 1504120 1078ef11583d9664fecd2d9d5712ecad

PowerPC architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_po
werpc.deb
Size/MD5 checksum: 1491256 2967d2f0c3a722b4b42a2b06510aabcc

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_s3
90.deb
Size/MD5 checksum: 1463536 5a5692d6d572ef301d052e7e8c62d004

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_sp
arc.deb
Size/MD5 checksum: 1492926 6bb21df62a773736a1f694cedacea3de

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2.d
sc
Size/MD5 checksum: 616 241c00a777c333b7270d8dbdaa4ad210
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2.d
iff.gz
Size/MD5 checksum: 17357 22b394977569bbeda207bfb5bcb42175
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5.orig.tar.
gz
Size/MD5 checksum: 2984352 5f516a10596bd52c677f9bfd9579bc28

Alpha architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_a
lpha.deb
Size/MD5 checksum: 1994618 4a23d6234470f59a47100bcd13d18a51

AMD64 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_a
md64.deb
Size/MD5 checksum: 1881876 046312043fffdbcf5ad218074e21e119

ARM architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_a
rm.deb
Size/MD5 checksum: 1853176 0d33e5835a479accab8c3282cdc19c14

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_i
386.deb
Size/MD5 checksum: 1854894 1e525c61aac1e0fac0ddad4d9e15d8f6

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_i
a64.deb
Size/MD5 checksum: 2128572 78bfa4c383e41d352b67595da80904c9

HP Precision architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_h
ppa.deb
Size/MD5 checksum: 1909746 371fb69c98ff2e510861ba210ec11bda

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_m
68k.deb
Size/MD5 checksum: 1780836 bdf8b0d6a711cf21202ef86189cfb8bf

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_m
ips.deb
Size/MD5 checksum: 1894118 9be5baba4f5e3f99b618553c4252b289

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_m
ipsel.deb
Size/MD5 checksum: 1889604 11840739365387bb4741099f9310c77c

PowerPC architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_p
owerpc.deb
Size/MD5 checksum: 1878302 4885a52c8ad1992335f5c9f87ef522cf

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_s
390.deb
Size/MD5 checksum: 1866982 8125a8d85817c29d3984fdb2d2ac4df6

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_s
parc.deb
Size/MD5 checksum: 1861484 407b283a4c8656a0ef1a5935780c8204

These files will probably be moved into the stable distribution on
its next update.

- ------------------------------------------------------------------------
---------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEdwhJW5ql+IAeqTIRAr+IAJ9Qn7H5oFJJYyZuN8oaxgUXsZAy+ACgjRn7
aWMRPJtnJ5Xf2D5V0OuRTic=
=n7+V
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus