Lynx user? Upgrade it!
If you are a lynx user, prepare yourself to upgrade it.
According to an advisory from iDefense, there is a Command Injection Vulnerability on it, that "could allow attackers to execute arbitrary commands with the privileges of the underlying user.".
Some patch links:
Development version 2.8.6dev.15 has been released to address this issue and is available from the following URLs:
http://lynx.isc.org/current /lynx2.8.6dev.15.tar.Z
http://lynx.isc.org/current /lynx2.8.6dev.15.tar.bz2
http://lynx.isc.org/current /lynx2.8.6dev.15.tar.gz
http://lynx.isc.org/current /lynx2.8.6dev.15.zip
Alternately, an incremental patch is available at:
http://lynx.isc.org/current/2 .8.6dev.15.patch.gz
There is also a workaround (described in the bulletin) for those who can't upgrade.
-------------------------------------------------------------------
Handler on Duty: Pedro Bueno (pbueno //%%// isc. sans. org)
According to an advisory from iDefense, there is a Command Injection Vulnerability on it, that "could allow attackers to execute arbitrary commands with the privileges of the underlying user.".
Some patch links:
Development version 2.8.6dev.15 has been released to address this issue and is available from the following URLs:
http://lynx.isc.org/current
http://lynx.isc.org/current
http://lynx.isc.org/current
http://lynx.isc.org/current
Alternately, an incremental patch is available at:
http://lynx.isc.org/current/2
There is also a workaround (described in the bulletin) for those who can't upgrade.
Disable "lynxcgi" links by specifying the following directive in lynx.cfg:
TRUSTED_LYNXCGI:none
-------------------------------------------------------------------
Handler on Duty: Pedro Bueno (pbueno //%%// isc. sans. org)
Keywords:
0 comment(s)
×
Diary Archives
Comments