Debian: DSA-1902-1: New elinks packages fix arbitrary code execution

    Date05 Oct 2009
    CategoryDebian
    37
    Posted ByLinuxSecurity Advisories
    Jakub Wilk discovered an off-by-one buffer overflow in the charset handling of elinks, a feature-rich text-mode WWW browser, which might lead to the execution of arbitrary code if the user is tricked into opening a malformed HTML page.
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1902-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                       Moritz Muehlenhoff
    October 05, 2009                      http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : elinks
    Vulnerability  : buffer overflow
    Problem type   : local(remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2008-7224
    Debian Bug     : 380347
    
    Jakub Wilk discovered an off-by-one buffer overflow in the charset 
    handling of elinks, a feature-rich text-mode WWW browser, which might
    lead to the execution of arbitrary code if the user is tricked into
    opening a malformed HTML page.
    
    For the old stable distribution (etch), this problem has been fixed in
    version 0.11.1-1.2etch2.
    
    The stable distribution (lenny) and the unstable distribution (sid)
    already contain a patch for this problem.
    
    We recommend that you upgrade your elinks package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2.diff.gz
        Size/MD5 checksum:    30564 48727476dbfed45200797a0504fa6e4a
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1.orig.tar.gz
        Size/MD5 checksum:  3863617 dce0fa7cb2b6e7194ddd00e34825218b
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2.dsc
        Size/MD5 checksum:      872 870acbbc16c166c0e17669f435cf4478
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_alpha.deb
        Size/MD5 checksum:   496748 65a9e90caf0005912d0f307447bb7252
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_alpha.deb
        Size/MD5 checksum:  1264746 750b9c9425d331afdd84ae9e8ec397cc
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_amd64.deb
        Size/MD5 checksum:   457658 d35d0729240a9a3e4edf596fab8b5519
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_amd64.deb
        Size/MD5 checksum:  1219062 eeb677af4bd1f969062dcc49a6c5797f
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_arm.deb
        Size/MD5 checksum:  1179258 2236eef0018c35106157254f1a9b5371
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_arm.deb
        Size/MD5 checksum:   417026 d6298439e61cfd390dc5f885fa6d3ce9
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_hppa.deb
        Size/MD5 checksum:  1249718 200ea460bf1c50c7c77fb818b99d6f93
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_hppa.deb
        Size/MD5 checksum:   481296 4d1ffd49415dc0f727fec71843e0cf1e
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_i386.deb
        Size/MD5 checksum:   423782 fd2bdd5f8d85049dd34e9d392cfb0d55
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_i386.deb
        Size/MD5 checksum:  1188386 6b5bd5cc0801cc98c5f89eb755036a58
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_ia64.deb
        Size/MD5 checksum:  1432996 3f1c8fd354685e153aa0bf6001811f72
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_ia64.deb
        Size/MD5 checksum:   624264 6ab1d3d6329c2fbbd366c7979846be04
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_mipsel.deb
        Size/MD5 checksum:  1223924 88dab6a6625382e7d7531f9f45f2fb6d
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_mipsel.deb
        Size/MD5 checksum:   466916 3f54531dc562935768748e8626c3cd8a
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_powerpc.deb
        Size/MD5 checksum:   450082 4cb3cbeda69cd02ddc99b132d26998c5
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_powerpc.deb
        Size/MD5 checksum:  1216856 ed85e75381a7bfdd094e21e0e16ecbfd
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_s390.deb
        Size/MD5 checksum:  1232366 5eafbb1dcf688fe54bd347afab8d6da8
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_s390.deb
        Size/MD5 checksum:   470580 9da53a0cc795e3943c250a44810f006d
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_sparc.deb
        Size/MD5 checksum:   419686 6177d561615f0c17f9e46e3642899870
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_sparc.deb
        Size/MD5 checksum:  1186370 1f7db95ad501df7b756e3ccaf2dc754d
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"7","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.