Mageia 8 Lynx Update: 2021-0422 Moderate Credential Exposure

mageia

September 23, 2021

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data

Summary

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. (CVE-2021-38165)

References

- https://bugs.mageia.org/show_bug.cgi?id=29342

- https://www.openwall.com/lists/oss-security/2021/08/07/9

- https://lists.debian.org/debian-security-announce/2021/msg00136.html

- https://www.cve.org/CVERecord?id=CVE-2021-38165

Topics Covered

security advisory lynx credential leak remote exposure Mageia

Resolution

SRPMS

- 8/core/lynx-2.8.9-0.dev17.4.1.mga8

Severity

important

Lowest

Low

Medium

High

Critical

Publication date: 23 Sep 2021

URL: https://advisories.mageia.org/MGASA-2021-0422.html

Type: security

CVE: CVE-2021-38165

Topics Covered

security advisory lynx credential leak remote exposure Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 8 Lynx Update: 2021-0422 Moderate Credential Exposure

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 8 Lynx Update: 2021-0422 Moderate Credential Exposure

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!