Debian Security Advisory DSA 1380-1 (elinks) Network Vulnerability

Summary

The remote host is missing an update to elinks announced via advisory DSA 1380-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201380-1

Insight

Kalle Olavi Niemitalo discovered that elinks, an advanced text-mode WWW browser, sent HTTP POST data in cleartext when using an HTTPS proxy server potentially allowing private information to be disclosed. For the stable distribution (etch), this problem has been fixed in version 0.11.1-1.2etch1. For the unstable distribution (sid), this problem has been fixed in version 0.11.1-1.5. We recommend that you upgrade your elinks package.

Severity

Classification

CVE CVE-2007-5034
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Debian Security Advisory DSA 1141-1 (gnupg2)
Debian Security Advisory DSA 062-1 (rxvt)
Debian Security Advisory DSA 077-1 (squid)
Debian Security Advisory DSA 1000-2 (libapreq2-perl)
Debian Security Advisory DSA 1094-1 (gforge)

Take action and discover your vulnerabilities