Lynx Command Line URL CRLF Injection Vulnerability

Solution:
ELinks 0.4pre15 is not vulnerable to this issue. Users of ELinks are urged to download and install the newest version of ELinks:

Conectiva has released an advisory (CLA-2003:720) to address this issue. Please see the attached advisory for further details regarding applying fixes. Fixes are linked below.

SCO has released a security advisory. Fixes for OpenLinux are available.

The Lynx patch is now available at a different location.

Debian has released an advisory (Debian Security Advisory DSA-210-1) which contains fixes. Please see the attached advisory for more details on obtaining fixes.

Red Hat has released advisory RHSA-2003:029-06 to address this issue.

OpenPKG has made fixed versions of their lynx package available. See the referenced advisory for more details.

Sun has released a fix for Sun Linux 5.0.6.

The following fixes are available:


ELinks ELinks 0.2.4

ELinks ELinks 0.3.2

University of Kansas Lynx 2.8.3

University of Kansas Lynx 2.8.4

University of Kansas Lynx 2.8.4 rel.1

University of Kansas Lynx 2.8.5 dev.8


 

Copyright 2010, SecurityFocus