openSUSE Security Update: Security update for links
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2019:2185-1
Rating:             moderate
References:         #1149886 
Affected Products:
                    openSUSE Leap 15.1
                    openSUSE Leap 15.0
                    openSUSE Backports SLE-15-SP1
                    openSUSE Backports SLE-15
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for links fixes the following issues:

   links was updated to 2.20.1:

   * libevent bug fixes

   links was updated to 2.20:

   * Security bug fixed: when links was connected to tor, it would send real
     dns requests outside the tor network when the displayed page contains
     link elements with rel=dns-prefetch boo#1149886
   * stability improvements
   * file urls support local hostnames
   * mouse support improvement
   * improve interaction with Google
   * Support the zstd compression algorithm
   * Use proper cookie expiry

   links was updated to 2.19:

   * Fixed a crash on invalidn IDN URLs
   * Make font selection possible via fontconfig
   * Show certificate authority in Document info box
   * Use international error messages
   * The -dump switch didn't report errors on stdout write

   links was updated to 2.18:

   * Automatically enable tor mode when the socks port is 9050
   * When in tor mode, invert colors on top line and bottom line
   * Fix an incorrect shift in write_ev_queue
   * Fix runtime error sanitizer warning
   * Add a menu entry to save and load a clipboard
   * Don't synch with Xserver on every pixmap load
   * Fix "Network Options" bug that caused a timeout
   * Fix a possible integer overflow in decoder_memory_expand
   * Fix possible pointer arithmetics bug if os allocated few bytes
   * Add a button to never accept invalid certs for a given server
   * Fix incorrect strings -html-t-text-color
   * Add ascii replacement of Romanian S and T with comma
   * Fix a bug when IPv6 control connection to ftp server fails

   links was updated to 2.17:

   * Fix verifying SSL certificates for numeric IPv6 addresses
   * Delete the option -ftp.fast - it doesn't always work and ftp performance
     is not an issue anymore
   * Add bold and monospaced Turkish letter 'i' without a dot
   * On OS/2 allocate OpenSSL memory fro the lower heap. It fixes SSL on
     systems with old 16-bit TCP/IP stack
   * Fix IPv6 on OpenVMS Alpha
   * Support mouse scroll wheel in textarea
   * Delete the option -http-bugs.bug-302-redirect - RFC7231 allows the
     "buggy" behavior and defines new codes 307 and 308 that retain the post
     data
   * X11 - fixed colormap leak when creating a new window
   * Fixed an infinite loop that happened in graphics mode if the user
     clicked on OK in "Miscellaneous options" dialog and more than one
     windows were open. This bug was introduced in Links 2.15
   * Support 6x6x6 RGB palette in 256-bit color mode on framebuffer
   * Implement dithering properly on OS/2 in 15-bit and 16-bit color mode. In
     8-bit mode, Links may optionally use a private palette - it improves
     visual quality of Links images, but degrades visual quality of other
     concurrently running programs.
   * Improve scrolling smoothness when the user drags the whole document
   * On OS/2, allocate large memory blocks directly (not with malloc). It
     reduces memory waste
   * Fixed a bug that setting terminal title and resizing a terminal didn't
     work on OS/2 and Windows. The bug was introduced in Links 2.16 when
     shutting up coverity warnings
   * Set link color to yellow by default
   * Delete the option -http-bugs.bug-post-no-keepalive. It was needed in
     1999 to avoid some bug in some http server and it is not needed anymore
   * Trust Content-Length on HTTP/1.0 redirect requests. This fixes hangs
     with misbehaving servers that honor Connection:keep-alive but send out
     HTTP/1.0 reply without Connection: keep-alive. Links thought that they
     don't support keep-alive and waited for the connection to close (for
     example https://www.raspberrypi.org/
   * Use keys 'H' and 'L' to select the top and bottom link on the current
     page

   links was updated to 2.16:

   * Improve handling of the DELETE key
   * Implement the bracketed paste mode
   * Fix various bugs found by coverity
   * Fix a crash in proxy authentication code
   * Fixed internal error "invalid set_handlers call" on framebuffer if links
     is suspend and terminate at the same time


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.1:

      zypper in -t patch openSUSE-2019-2185=1

   - openSUSE Leap 15.0:

      zypper in -t patch openSUSE-2019-2185=1

   - openSUSE Backports SLE-15-SP1:

      zypper in -t patch openSUSE-2019-2185=1

   - openSUSE Backports SLE-15:

      zypper in -t patch openSUSE-2019-2185=1



Package List:

   - openSUSE Leap 15.1 (i586 x86_64):

      links-2.20.1-lp151.3.3.1
      links-debuginfo-2.20.1-lp151.3.3.1
      links-debugsource-2.20.1-lp151.3.3.1

   - openSUSE Leap 15.0 (x86_64):

      links-2.20.1-lp150.2.3.1
      links-debuginfo-2.20.1-lp150.2.3.1
      links-debugsource-2.20.1-lp150.2.3.1

   - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

      links-2.20.1-bp151.4.3.1

   - openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):

      links-2.20.1-bp150.2.3.1
      links-debuginfo-2.20.1-bp150.2.3.1
      links-debugsource-2.20.1-bp150.2.3.1


References:

   https://bugzilla.suse.com/1149886

--

openSUSE: 2019:2185-1: moderate: links

September 25, 2019
An update that contains security fixes can now be installed.

Description

This update for links fixes the following issues: links was updated to 2.20.1: * libevent bug fixes links was updated to 2.20: * Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link elements with rel=dns-prefetch boo#1149886 * stability improvements * file urls support local hostnames * mouse support improvement * improve interaction with Google * Support the zstd compression algorithm * Use proper cookie expiry links was updated to 2.19: * Fixed a crash on invalidn IDN URLs * Make font selection possible via fontconfig * Show certificate authority in Document info box * Use international error messages * The -dump switch didn't report errors on stdout write links was updated to 2.18: * Automatically enable tor mode when the socks port is 9050 * When in tor mode, invert colors on top line and bottom line * Fix an incorrect shift in write_ev_queue * Fix runtime error sanitizer warning * Add a menu entry to save and load a clipboard * Don't synch with Xserver on every pixmap load * Fix "Network Options" bug that caused a timeout * Fix a possible integer overflow in decoder_memory_expand * Fix possible pointer arithmetics bug if os allocated few bytes * Add a button to never accept invalid certs for a given server * Fix incorrect strings -html-t-text-color * Add ascii replacement of Romanian S and T with comma * Fix a bug when IPv6 control connection to ftp server fails links was updated to 2.17: * Fix verifying SSL certificates for numeric IPv6 addresses * Delete the option -ftp.fast - it doesn't always work and ftp performance is not an issue anymore * Add bold and monospaced Turkish letter 'i' without a dot * On OS/2 allocate OpenSSL memory fro the lower heap. It fixes SSL on systems with old 16-bit TCP/IP stack * Fix IPv6 on OpenVMS Alpha * Support mouse scroll wheel in textarea * Delete the option -http-bugs.bug-302-redirect - RFC7231 allows the "buggy" behavior and defines new codes 307 and 308 that retain the post data * X11 - fixed colormap leak when creating a new window * Fixed an infinite loop that happened in graphics mode if the user clicked on OK in "Miscellaneous options" dialog and more than one windows were open. This bug was introduced in Links 2.15 * Support 6x6x6 RGB palette in 256-bit color mode on framebuffer * Implement dithering properly on OS/2 in 15-bit and 16-bit color mode. In 8-bit mode, Links may optionally use a private palette - it improves visual quality of Links images, but degrades visual quality of other concurrently running programs. * Improve scrolling smoothness when the user drags the whole document * On OS/2, allocate large memory blocks directly (not with malloc). It reduces memory waste * Fixed a bug that setting terminal title and resizing a terminal didn't work on OS/2 and Windows. The bug was introduced in Links 2.16 when shutting up coverity warnings * Set link color to yellow by default * Delete the option -http-bugs.bug-post-no-keepalive. It was needed in 1999 to avoid some bug in some http server and it is not needed anymore * Trust Content-Length on HTTP/1.0 redirect requests. This fixes hangs with misbehaving servers that honor Connection:keep-alive but send out HTTP/1.0 reply without Connection: keep-alive. Links thought that they don't support keep-alive and waited for the connection to close (for example https://www.raspberrypi.org/ * Use keys 'H' and 'L' to select the top and bottom link on the current page links was updated to 2.16: * Improve handling of the DELETE key * Implement the bracketed paste mode * Fix various bugs found by coverity * Fix a crash in proxy authentication code * Fixed internal error "invalid set_handlers call" on framebuffer if links is suspend and terminate at the same time

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-2185=1 - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-2185=1 - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2019-2185=1 - openSUSE Backports SLE-15: zypper in -t patch openSUSE-2019-2185=1


Package List

- openSUSE Leap 15.1 (i586 x86_64): links-2.20.1-lp151.3.3.1 links-debuginfo-2.20.1-lp151.3.3.1 links-debugsource-2.20.1-lp151.3.3.1 - openSUSE Leap 15.0 (x86_64): links-2.20.1-lp150.2.3.1 links-debuginfo-2.20.1-lp150.2.3.1 links-debugsource-2.20.1-lp150.2.3.1 - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64): links-2.20.1-bp151.4.3.1 - openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64): links-2.20.1-bp150.2.3.1 links-debuginfo-2.20.1-bp150.2.3.1 links-debugsource-2.20.1-bp150.2.3.1


References

https://bugzilla.suse.com/1149886--


Severity
Announcement ID: openSUSE-SU-2019:2185-1
Rating: moderate
Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved