Debian: lynx lynx-ssl CRLF injection
Summary
Package : lynx, lynx-ssl
Problem type : CRLF injection
Debian-specific: no
lynx (a text-only web browser) did not properly check for illegal
characters in all places, including processing of command line options,
which could be used to insert extra HTTP headers in a request.
For Debian GNU/Linux 2.2/potato this has been fixed in version 2.8.3-1.1
of the lynx package and version 2.8.3.1-1.1 of the lynx-ssl package.
For Debian GNU/Linux 3.0/woody this has been fixed in version 2.8.4.1b-3.2
of the lynx package and version 1:2.8.4.1b-3.1 of the lynx-ssl package.
------------------------------------------------------------------------
Obtaining updates:
By hand:
wget URL
will fetch the file for you.
dpkg -i FILENAME.deb
will install the fetched file.
With apt:
deb Debian -- Security Information stable/updates main
added to /etc/apt/sources.list will provide security updates
Additional information can be found on the Debian security webpages
at Debian -- Security Information
------------------------------------------------------------------------
Debian GNU/Linux 2.2 alias potato
---------------------------------
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Source archives:
Size/MD5 checksum: 2058352 2ee38e4b05d587a787c33bff9085c098
Size/MD5 checksum: 1279 3eccb5692780db83f078013ff8796224
Size/MD5 checksum: 1229 2924513df600a7cc6b4d29987a325107
Size/MD5 checksum: 2024975 0fc239287592e885231e4be2fb2cd755
Size/MD5 checksum: 20091 507a328f301a1c37471a69e60df4479d
Size/MD5 checksum: 101630 59d4dfb527584001374bebdcc9760623
alpha architecture (DEC Alpha)
Size/MD5 checksum: 1165112 dce2288ab84eaac8851c657ab271f5cd
Size/MD5 checksum: 1155516 775381bbf1c7c5f3177b17369969fda7
arm architecture (ARM)
Size/MD5 checksum: 1018784 ba8d2ee2271ebb56216e4f9c67690f6a
Size/MD5 checksum: 1006492 85a7c675d239cce67e4d7076d69e8c48
i386 architecture (Intel ia32)
Size/MD5 checksum: 973310 9f591d8c7e97b1bd84da2f841397a75c
Size/MD5 checksum: 980678 ef6cf5f0e4a8781b14876639fafa78be
m68k architecture (Motorola Mc680x0)
Size/MD5 checksum: 928930 b77c252b5da24613fd6b24ee7b8f09f5
Size/MD5 checksum: 938162 e3b5992515dfb3f537ee9ece56a05083
powerpc architecture (PowerPC)
Size/MD5 checksum: 1026988 3453040226d6fde9fb23ff8334d5e382
Size/MD5 checksum: 1015372 c2e0c1e1026f7fd2053d2c09cab90be1
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 1015696 3a207988cadc086720029abf6a227954
Size/MD5 checksum: 1028208 bf6725e66a603d0652a6a987f737c64b
Debian GNU/Linux 3.0 alias woody
--------------------------------
Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
powerpc, s390 and sparc.
Source archives:
Size/MD5 checksum: 2557510 053a10f76b871e3944c11c7776da7f7a
Size/MD5 checksum: 14143 0d4c52fb301bc17ddc2f4f5117bf020b
Size/MD5 checksum: 1307 19488ce4d65e93b7ca412a3f3a818581
Size/MD5 checksum: 1221 768cb74ff2df353a07739ceacde62fe1
Size/MD5 checksum: 87306 d4cced8e81fb4ad0bf005d5ae04387b3
alpha architecture (DEC Alpha)
Size/MD5 checksum: 1610106 40e75977e49a5f96059129febf1e8bd7
Size/MD5 checksum: 1617220 de2a07846520d29d8168624ecadb023d
arm architecture (ARM)
Size/MD5 checksum: 1487560 35f377be3b161fb8235d4a0a18982ce1
Size/MD5 checksum: 1491566 6e2605111b5dc7164b4db2c542fe2dde
hppa architecture (HP PA RISC)
Size/MD5 checksum: 1555212 72b2a7385c8dd606107486349d7bed7a
Size/MD5 checksum: 1559452 6cb03b8fbf8fa7a6eaaee52777a36737
i386 architecture (Intel ia32)
Size/MD5 checksum: 1449936 c0818c607e10ab576f463eab64267e2e
Size/MD5 checksum: 1444654 c076ad1599549f031a50e220cecbedc1
ia64 architecture (Intel ia64)
Size/MD5 checksum: 1762384 fb7e808dc23dcf5676f350ee5de99b65
Size/MD5 checksum: 1769046 75740213ea49a9eb3bcba91e477f2f44
m68k architecture (Motorola Mc680x0)
Size/MD5 checksum: 1405466 d0faf24997b42bb50ac6995cfb69f2f9
mips architecture (MIPS (Big Endian))
Size/MD5 checksum: 1511738 332f842adc76b43e6b89296605ea5932
Size/MD5 checksum: 1507588 11722f38007efb06835c4092dad8489a
mipsel architecture (MIPS (Little Endian))
Size/MD5 checksum: 1503806 479ff36c446a959d2817234ec4c7f2b3
Size/MD5 checksum: 1507614 ffff3c5c89164dc560159852f09968a5
powerpc architecture (PowerPC)
Size/MD5 checksum: 1496782 ca05c2e570046afafb985a418d60c093
Size/MD5 checksum: 1490836 e12d4c0dc846b538bd7484e70b8da9c8
s390 architecture (IBM S/390)
Size/MD5 checksum: 1453926 e728dd600feb2ebf07ee7e31196ea8da
Size/MD5 checksum: 1460742 6504cf5ee0e0feaf35b237b544873534
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 1497176 58f9a53667ef85fea0f0e1b07ff9c0e1
Size/MD5 checksum: 1492610 d987da73b4606999ec239d72ec00a30a
--
----------------------------------------------------------------------------
Debian Security team <team@security.debian.org>
Debian -- Security Information
Mailing-List: debian-security-announce@lists.debian.org
