Mandriva Update For Lynx MDVSA-2008:218 (lynx) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was found in the Lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode (CVE-2008-4690). This update corrects these issues and, in addition, makes Lynx always prompt the user before loading a lynxcgi: URI. As well, the default lynx.cfg configuration file marks all lynxcgi: URIs as untrusted.

Affected

lynx on Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64, Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64

Severity

Classification

CVE CVE-2008-4690
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:182 (firefox)
Mandrake Security Advisory MDVSA-2009:190 (OpenEXR)
Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)
Mandrake Security Advisory MDVSA-2009:142 (jasper)
Mandrake Security Advisory MDVSA-2009:013 (mplayer)

Mandriva Update for lynx MDVSA-2008:218 (lynx)

Take action and discover your vulnerabilities