Linux Security
    Linux Security
    Linux Security

    Debian: lynx lynx-ssl CRLF injection

    Date 13 Dec 2002
    3060
    Posted By LinuxSecurity Advisories
    lynx (a text-only web browser) did not properly check for illegal characters in all places, including processing of command line options, which could be used to insert extra HTTP headers in a request.
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-210-1                   This email address is being protected from spambots. You need JavaScript enabled to view it. 
    https://www.debian.org/security/                         Wichert Akkerman
    December 13, 2002
    ------------------------------------------------------------------------
    
    
    Package        : lynx, lynx-ssl
    Problem type   : CRLF injection
    Debian-specific: no
    
    lynx (a text-only web browser) did not properly check for illegal
    characters in all places, including processing of command line options,
    which could be used to insert extra HTTP headers in a request.
    
    For Debian GNU/Linux 2.2/potato this has been fixed in version 2.8.3-1.1
    of the lynx package and version 2.8.3.1-1.1 of the lynx-ssl package.
    
    For Debian GNU/Linux 3.0/woody this has been fixed in version 2.8.4.1b-3.2
    of the lynx package and version 1:2.8.4.1b-3.1 of the lynx-ssl package.
    
    ------------------------------------------------------------------------
    
    Obtaining updates:
    
      By hand:
        wget URL
            will fetch the file for you.
        dpkg -i FILENAME.deb
            will install the fetched file.
    
      With apt:
        deb  https://security.debian.org/ stable/updates main
            added to /etc/apt/sources.list will provide security updates
    
    Additional information can be found on the Debian security webpages
    at  https://www.debian.org/security/
    
    ------------------------------------------------------------------------
    
    
    Debian GNU/Linux 2.2 alias potato
    ---------------------------------
      Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
    
    
      Source archives:
    
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1.orig.tar.gz
          Size/MD5 checksum:  2058352 2ee38e4b05d587a787c33bff9085c098
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1.dsc
          Size/MD5 checksum:     1279 3eccb5692780db83f078013ff8796224
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1.dsc
          Size/MD5 checksum:     1229 2924513df600a7cc6b4d29987a325107
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3.orig.tar.gz
          Size/MD5 checksum:  2024975 0fc239287592e885231e4be2fb2cd755
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1.diff.gz
          Size/MD5 checksum:    20091 507a328f301a1c37471a69e60df4479d
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1.diff.gz
          Size/MD5 checksum:   101630 59d4dfb527584001374bebdcc9760623
    
      alpha architecture (DEC Alpha)
    
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_alpha.deb
          Size/MD5 checksum:  1165112 dce2288ab84eaac8851c657ab271f5cd
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_alpha.deb
          Size/MD5 checksum:  1155516 775381bbf1c7c5f3177b17369969fda7
    
      arm architecture (ARM)
    
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_arm.deb
          Size/MD5 checksum:  1018784 ba8d2ee2271ebb56216e4f9c67690f6a
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_arm.deb
          Size/MD5 checksum:  1006492 85a7c675d239cce67e4d7076d69e8c48
    
      i386 architecture (Intel ia32)
    
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_i386.deb
          Size/MD5 checksum:   973310 9f591d8c7e97b1bd84da2f841397a75c
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_i386.deb
          Size/MD5 checksum:   980678 ef6cf5f0e4a8781b14876639fafa78be
    
      m68k architecture (Motorola Mc680x0)
    
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_m68k.deb
          Size/MD5 checksum:   928930 b77c252b5da24613fd6b24ee7b8f09f5
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_m68k.deb
          Size/MD5 checksum:   938162 e3b5992515dfb3f537ee9ece56a05083
    
      powerpc architecture (PowerPC)
    
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_powerpc.deb
          Size/MD5 checksum:  1026988 3453040226d6fde9fb23ff8334d5e382
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_powerpc.deb
          Size/MD5 checksum:  1015372 c2e0c1e1026f7fd2053d2c09cab90be1
    
      sparc architecture (Sun SPARC/UltraSPARC)
    
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_sparc.deb
          Size/MD5 checksum:  1015696 3a207988cadc086720029abf6a227954
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_sparc.deb
          Size/MD5 checksum:  1028208 bf6725e66a603d0652a6a987f737c64b
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
      powerpc, s390 and sparc.
    
      Source archives:
    
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b.orig.tar.gz
          Size/MD5 checksum:  2557510 053a10f76b871e3944c11c7776da7f7a
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2.diff.gz
          Size/MD5 checksum:    14143 0d4c52fb301bc17ddc2f4f5117bf020b
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1.dsc
          Size/MD5 checksum:     1307 19488ce4d65e93b7ca412a3f3a818581
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2.dsc
          Size/MD5 checksum:     1221 768cb74ff2df353a07739ceacde62fe1
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1.diff.gz
          Size/MD5 checksum:    87306 d4cced8e81fb4ad0bf005d5ae04387b3
    
      alpha architecture (DEC Alpha)
    
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_alpha.deb
          Size/MD5 checksum:  1610106 40e75977e49a5f96059129febf1e8bd7
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_alpha.deb
          Size/MD5 checksum:  1617220 de2a07846520d29d8168624ecadb023d
      arm architecture (ARM)
    
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_arm.deb
          Size/MD5 checksum:  1487560 35f377be3b161fb8235d4a0a18982ce1
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_arm.deb
          Size/MD5 checksum:  1491566 6e2605111b5dc7164b4db2c542fe2dde
    
      hppa architecture (HP PA RISC)
    
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_hppa.deb
          Size/MD5 checksum:  1555212 72b2a7385c8dd606107486349d7bed7a
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_hppa.deb
          Size/MD5 checksum:  1559452 6cb03b8fbf8fa7a6eaaee52777a36737
    
      i386 architecture (Intel ia32)
    
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_i386.deb
          Size/MD5 checksum:  1449936 c0818c607e10ab576f463eab64267e2e
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_i386.deb
          Size/MD5 checksum:  1444654 c076ad1599549f031a50e220cecbedc1
    
      ia64 architecture (Intel ia64)
    
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_ia64.deb
          Size/MD5 checksum:  1762384 fb7e808dc23dcf5676f350ee5de99b65
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_ia64.deb
          Size/MD5 checksum:  1769046 75740213ea49a9eb3bcba91e477f2f44
    
      m68k architecture (Motorola Mc680x0)
    
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_m68k.deb
          Size/MD5 checksum:  1405466 d0faf24997b42bb50ac6995cfb69f2f9
    
      mips architecture (MIPS (Big Endian))
    
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_mips.deb
          Size/MD5 checksum:  1511738 332f842adc76b43e6b89296605ea5932
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_mips.deb
          Size/MD5 checksum:  1507588 11722f38007efb06835c4092dad8489a
    
      mipsel architecture (MIPS (Little Endian))
    
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_mipsel.deb
          Size/MD5 checksum:  1503806 479ff36c446a959d2817234ec4c7f2b3
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_mipsel.deb
          Size/MD5 checksum:  1507614 ffff3c5c89164dc560159852f09968a5
    
      powerpc architecture (PowerPC)
    
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_powerpc.deb
          Size/MD5 checksum:  1496782 ca05c2e570046afafb985a418d60c093
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_powerpc.deb
          Size/MD5 checksum:  1490836 e12d4c0dc846b538bd7484e70b8da9c8
    
      s390 architecture (IBM S/390)
    
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_s390.deb
          Size/MD5 checksum:  1453926 e728dd600feb2ebf07ee7e31196ea8da
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_s390.deb
          Size/MD5 checksum:  1460742 6504cf5ee0e0feaf35b237b544873534
    
      sparc architecture (Sun SPARC/UltraSPARC)
    
         https://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_sparc.deb
          Size/MD5 checksum:  1497176 58f9a53667ef85fea0f0e1b07ff9c0e1
         https://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_sparc.deb
          Size/MD5 checksum:  1492610 d987da73b4606999ec239d72ec00a30a
    
    --
    ----------------------------------------------------------------------------
    Debian Security team <This email address is being protected from spambots. You need JavaScript enabled to view it.> 
    https://www.debian.org/security/
    Mailing-List: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    
    

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.