Lynx Command Line URL CRLF Injection Vulnerability
ELinks 0.4pre15 is not vulnerable to this issue. Users of ELinks are urged to download and install the newest version of ELinks:
Conectiva has released an advisory (CLA-2003:720) to address this issue. Please see the attached advisory for further details regarding applying fixes. Fixes are linked below.
SCO has released a security advisory. Fixes for OpenLinux are available.
The Lynx patch is now available at a different location.
Debian has released an advisory (Debian Security Advisory DSA-210-1) which contains fixes. Please see the attached advisory for more details on obtaining fixes.
Red Hat has release advisory RHSA-2003:029-06 to address this issue.
OpenPKG has made fixes versions of their lynx package available. See referenced advisory for more details.
Sun has released a fix for Sun Linux 5.0.6.
The following fixes are available:
ELinks ELinks 0.2.4
ELinks ELinks 0.3.2
University of Kansas Lynx 2.8.3
University of Kansas Lynx 2.8.4
University of Kansas Lynx 2.8.4 rel.1
University of Kansas Lynx 2.8.5 dev.8