Debian: New lynx packages fix denial of service

    Date26 May 2006
    CategoryDebian
    4347
    Posted ByLinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1076-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    May 26th, 2006                          http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : lynx
    Vulnerability  : programming error
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2004-1617
    BugTraq ID     : 11443
    Debian Bug     : 296340
    
    Michal Zalewski discovered that lynx, the popular text-mode WWW
    Browser, is not able to grok invalid HTML including a TEXTAREA tag
    with a large COLS value and a large tag name in an element that is not
    terminated, and loops forever trying to render the broken HTML.
    
    For the old stable distribution (woody) this problem has been fixed in
    version 2.8.4.1b-3.4.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 2.8.5-2sarge2.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 2.8.5-2sarge2.
    
    We recommend that you upgrade your lynx package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given at the end of this advisory:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4.dsc
          Size/MD5 checksum:      581 a9853909c61c5ef2fcc8868599f9b875
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4.diff.gz
          Size/MD5 checksum:    16334 74bce8912c28f979c33055a012cf29d6
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b.orig.tar.gz
          Size/MD5 checksum:  2557510 053a10f76b871e3944c11c7776da7f7a
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_alpha.deb
          Size/MD5 checksum:  1610344 3e1ec04a0c6532506519e8051a0067b6
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_arm.deb
          Size/MD5 checksum:  1487906 a06ad20f4d8a0ce1cc0d59a0dfa24e9b
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_i386.deb
          Size/MD5 checksum:  1444914 cb6449afd1e3029d06606bf823e0f064
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_ia64.deb
          Size/MD5 checksum:  1762966 cb0b05d5cb148372fd2cd3d2e99843cc
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_hppa.deb
          Size/MD5 checksum:  1555454 79392b2914654a7d4519247d9584e816
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_m68k.deb
          Size/MD5 checksum:  1405980 1df4dff2fc4191ee512811e0ac42c361
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_mips.deb
          Size/MD5 checksum:  1508022 d5b58fc5611b1ea1d37bc5a1034478f1
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_mipsel.deb
          Size/MD5 checksum:  1504120 1078ef11583d9664fecd2d9d5712ecad
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_powerpc.deb
          Size/MD5 checksum:  1491256 2967d2f0c3a722b4b42a2b06510aabcc
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_s390.deb
          Size/MD5 checksum:  1463536 5a5692d6d572ef301d052e7e8c62d004
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_sparc.deb
          Size/MD5 checksum:  1492926 6bb21df62a773736a1f694cedacea3de
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2.dsc
          Size/MD5 checksum:      616 241c00a777c333b7270d8dbdaa4ad210
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2.diff.gz
          Size/MD5 checksum:    17357 22b394977569bbeda207bfb5bcb42175
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5.orig.tar.gz
          Size/MD5 checksum:  2984352 5f516a10596bd52c677f9bfd9579bc28
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_alpha.deb
          Size/MD5 checksum:  1994618 4a23d6234470f59a47100bcd13d18a51
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_amd64.deb
          Size/MD5 checksum:  1881876 046312043fffdbcf5ad218074e21e119
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_arm.deb
          Size/MD5 checksum:  1853176 0d33e5835a479accab8c3282cdc19c14
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_i386.deb
          Size/MD5 checksum:  1854894 1e525c61aac1e0fac0ddad4d9e15d8f6
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_ia64.deb
          Size/MD5 checksum:  2128572 78bfa4c383e41d352b67595da80904c9
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_hppa.deb
          Size/MD5 checksum:  1909746 371fb69c98ff2e510861ba210ec11bda
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_m68k.deb
          Size/MD5 checksum:  1780836 bdf8b0d6a711cf21202ef86189cfb8bf
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_mips.deb
          Size/MD5 checksum:  1894118 9be5baba4f5e3f99b618553c4252b289
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_mipsel.deb
          Size/MD5 checksum:  1889604 11840739365387bb4741099f9310c77c
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_powerpc.deb
          Size/MD5 checksum:  1878302 4885a52c8ad1992335f5c9f87ef522cf
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_s390.deb
          Size/MD5 checksum:  1866982 8125a8d85817c29d3984fdb2d2ac4df6
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_sparc.deb
          Size/MD5 checksum:  1861484 407b283a4c8656a0ef1a5935780c8204
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"39","type":"x","order":"1","pct":51.32,"resources":[]},{"id":"88","title":"Should be more technical","votes":"11","type":"x","order":"2","pct":14.47,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"26","type":"x","order":"3","pct":34.21,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.