Debian: New elinks packages fix information disclosure

    Date02 Oct 2007
    CategoryDebian
    2431
    Posted ByLinuxSecurity Advisories
    Kalle Olavi Niemitalo discovered that elinks, an advanced text-mode WWW browser, sent HTTP POST data in cleartext when using an HTTPS proxy server potentially allowing private information to be disclosed.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA 1380-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                               Steve Kemp
    October 2nd, 2007                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : elinks
    Vulnerability  : programming error
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2007-5034
    Debian Bug     : 443891
    
    Kalle Olavi Niemitalo  discovered that elinks, an advanced text-mode WWW 
    browser, sent HTTP POST data in cleartext when using an HTTPS proxy server
    potentially allowing private information to be disclosed.
    
    For the stable distribution (etch), this problem has been fixed in version
    0.11.1-1.2etch1.
    
    For the unstable distribution (sid), this problem has been fixed in version
    0.11.1-1.5.
    
    We recommend that you upgrade your elinks package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - --------------------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1.orig.tar.gz
        Size/MD5 checksum:  3863617 dce0fa7cb2b6e7194ddd00e34825218b
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1.diff.gz
        Size/MD5 checksum:    30543 87f297355ad1e6d20bab5569672aad5e
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1.dsc
        Size/MD5 checksum:      872 a4af1ff56a8d39bdf1a92cedce2f335c
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_alpha.deb
        Size/MD5 checksum:   497732 f553f66a91b2245cfa42088a2b4d4517
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_alpha.deb
        Size/MD5 checksum:  1260704 10b023af79e9d90a7cd664328f5118b5
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_amd64.deb
        Size/MD5 checksum:   458734 41f1f71a5e3fccf0dde9597bd871cb39
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_amd64.deb
        Size/MD5 checksum:  1222408 c3ad38db3fbc3a1c130115ab83506bda
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_arm.deb
        Size/MD5 checksum:   416964 f7c68b19da989a205d0aa045c91c87eb
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_arm.deb
        Size/MD5 checksum:  1179150 c3560026dc7aa46613ddbb2a24f070cb
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_hppa.deb
        Size/MD5 checksum:  1245642 0a9eb32d625456d171a987d5efe50296
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_hppa.deb
        Size/MD5 checksum:   480962 ca0f2c3876e1eb5c1b66f7ce5661cc39
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_i386.deb
        Size/MD5 checksum:   423676 5e433eb3f0c5f6f004ea2285282a4455
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_i386.deb
        Size/MD5 checksum:  1187014 557a2322c1f91a8debb9993cb46a8f51
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_ia64.deb
        Size/MD5 checksum:  1432774 4a2706c3945ae2fdc842a67b5d25ca10
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_ia64.deb
        Size/MD5 checksum:   624134 4c2e59b24b38c3b9fbeb104fb373160b
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_mips.deb
        Size/MD5 checksum:  1229684 e05d34e21f29f58c93c05c203c448d4b
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_mips.deb
        Size/MD5 checksum:   470490 a7c54a8151b9b3268e00b3f517f60eb7
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_mipsel.deb
        Size/MD5 checksum:   466824 53be2f6ef576c97a3aaa01c6af2bb0ac
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_mipsel.deb
        Size/MD5 checksum:  1223900 a6463ca7afd8ec0781c797c3dfc56e91
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_powerpc.deb
        Size/MD5 checksum:  1216652 f3e8b9f594f0c124a31f4da53e6f8cb6
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_powerpc.deb
        Size/MD5 checksum:   450062 1096cd8ffbac60db3214227da0d1ff16
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_s390.deb
        Size/MD5 checksum:  1232356 95c8e47b24e9eab54e8f809d077b92f0
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_s390.deb
        Size/MD5 checksum:   470440 1166adf5d3fbcd304ac7eb788288725c
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_sparc.deb
        Size/MD5 checksum:  1184566 adc468ee0c3f9dd86eddba8d822009fa
      http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_sparc.deb
        Size/MD5 checksum:   418768 a1d988ba82f30199d83b1d717fee7fbb
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"13","type":"x","order":"1","pct":52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":16,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"8","type":"x","order":"3","pct":32,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.