RedHat: Moderate: elinks security update
Summary
Summary
ELinks is a text mode Web browser used from the command line that supports rendering modern web pages. An information disclosure flaw was found in the way ELinks passes https POST data to a proxy server. POST data sent via a proxy to an https site is not properly encrypted by ELinks, possibly allowing the disclosure of sensitive information. (CVE-2007-5034) All users of Elinks are advised to upgrade to this updated package, which contains a backported patch that resolves this issue.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
5. Bug IDs fixed (http://bugzilla.redhat.com/):
297611 - CVE-2007-5034 elinks reveals POST data to HTTPS proxy
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
f04cc8143e0eeb2479926cfdd47517bc elinks-0.9.2-3.3.5.2.src.rpm
i386:
740855a258e36afc4bd02b2dc939f6d0 elinks-0.9.2-3.3.5.2.i386.rpm
317ad4c79abc3d4568fee5e2c9ac4569 elinks-debuginfo-0.9.2-3.3.5.2.i386.rpm
ia64:
d27d29fc20f082fd5c4e3d16a1f1b96f elinks-0.9.2-3.3.5.2.ia64.rpm
b8cc871fe0778f6f53c99d4286ecc974 elinks-debuginfo-0.9.2-3.3.5.2.ia64.rpm
ppc:
2901b97c6ad3dd7fae25a44348b82812 elinks-0.9.2-3.3.5.2.ppc.rpm
7a16ed80746799f184ca44be4a096bb5 elinks-debuginfo-0.9.2-3.3.5.2.ppc.rpm
s390:
1d225484d90ff04080c3d570dd54e8d5 elinks-0.9.2-3.3.5.2.s390.rpm
4e84ed71e7c0f40106d6aeb254615c08 elinks-debuginfo-0.9.2-3.3.5.2.s390.rpm
s390x:
f9d32215514a0c003d315cb8a22305bc elinks-0.9.2-3.3.5.2.s390x.rpm
bb7f869803f4066e57cd65438016ec72 elinks-debuginfo-0.9.2-3.3.5.2.s390x.rpm
x86_64:
ca4941f6358b9b351285bb7268ee368c elinks-0.9.2-3.3.5.2.x86_64.rpm
947a60d3793dd1769afba31fe0598b49 elinks-debuginfo-0.9.2-3.3.5.2.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
f04cc8143e0eeb2479926cfdd47517bc elinks-0.9.2-3.3.5.2.src.rpm
i386:
740855a258e36afc4bd02b2dc939f6d0 elinks-0.9.2-3.3.5.2.i386.rpm
317ad4c79abc3d4568fee5e2c9ac4569 elinks-debuginfo-0.9.2-3.3.5.2.i386.rpm
x86_64:
ca4941f6358b9b351285bb7268ee368c elinks-0.9.2-3.3.5.2.x86_64.rpm
947a60d3793dd1769afba31fe0598b49 elinks-debuginfo-0.9.2-3.3.5.2.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
f04cc8143e0eeb2479926cfdd47517bc elinks-0.9.2-3.3.5.2.src.rpm
i386:
740855a258e36afc4bd02b2dc939f6d0 elinks-0.9.2-3.3.5.2.i386.rpm
317ad4c79abc3d4568fee5e2c9ac4569 elinks-debuginfo-0.9.2-3.3.5.2.i386.rpm
ia64:
d27d29fc20f082fd5c4e3d16a1f1b96f elinks-0.9.2-3.3.5.2.ia64.rpm
b8cc871fe0778f6f53c99d4286ecc974 elinks-debuginfo-0.9.2-3.3.5.2.ia64.rpm
x86_64:
ca4941f6358b9b351285bb7268ee368c elinks-0.9.2-3.3.5.2.x86_64.rpm
947a60d3793dd1769afba31fe0598b49 elinks-debuginfo-0.9.2-3.3.5.2.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
f04cc8143e0eeb2479926cfdd47517bc elinks-0.9.2-3.3.5.2.src.rpm
i386:
740855a258e36afc4bd02b2dc939f6d0 elinks-0.9.2-3.3.5.2.i386.rpm
317ad4c79abc3d4568fee5e2c9ac4569 elinks-debuginfo-0.9.2-3.3.5.2.i386.rpm
ia64:
d27d29fc20f082fd5c4e3d16a1f1b96f elinks-0.9.2-3.3.5.2.ia64.rpm
b8cc871fe0778f6f53c99d4286ecc974 elinks-debuginfo-0.9.2-3.3.5.2.ia64.rpm
x86_64:
ca4941f6358b9b351285bb7268ee368c elinks-0.9.2-3.3.5.2.x86_64.rpm
947a60d3793dd1769afba31fe0598b49 elinks-debuginfo-0.9.2-3.3.5.2.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 5 client):
SRPMS:
df97aa87a94550dd9c6b8b3ab4e6f717 elinks-0.11.1-5.1.0.1.el5.src.rpm
i386:
7b4b7287bc524c45dc55a702ea6243ea elinks-0.11.1-5.1.0.1.el5.i386.rpm
073d91f669aacc7a121c82c3437ddeff elinks-debuginfo-0.11.1-5.1.0.1.el5.i386.rpm
x86_64:
5cd0b473ae6d27f879f48aa2085e6380 elinks-0.11.1-5.1.0.1.el5.x86_64.rpm
536aff78098fdccca9afc5a2b2b43bf5 elinks-debuginfo-0.11.1-5.1.0.1.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
SRPMS:
df97aa87a94550dd9c6b8b3ab4e6f717 elinks-0.11.1-5.1.0.1.el5.src.rpm
i386:
7b4b7287bc524c45dc55a702ea6243ea elinks-0.11.1-5.1.0.1.el5.i386.rpm
073d91f669aacc7a121c82c3437ddeff elinks-debuginfo-0.11.1-5.1.0.1.el5.i386.rpm
ia64:
7bc784e2951af8725c9876a28c942c5d elinks-0.11.1-5.1.0.1.el5.ia64.rpm
15bf78d4bab60a721c2dd815522cd34c elinks-debuginfo-0.11.1-5.1.0.1.el5.ia64.rpm
ppc:
04978852cf223ad9d338eea7e4fffe07 elinks-0.11.1-5.1.0.1.el5.ppc.rpm
b085052c86f584b8a7f3dcfb01a490f8 elinks-debuginfo-0.11.1-5.1.0.1.el5.ppc.rpm
s390x:
32cce00b9e70804720d80e5c2dd80960 elinks-0.11.1-5.1.0.1.el5.s390x.rpm
987063ebff12a8d7358d854f671388a3 elinks-debuginfo-0.11.1-5.1.0.1.el5.s390x.rpm
x86_64:
5cd0b473ae6d27f879f48aa2085e6380 elinks-0.11.1-5.1.0.1.el5.x86_64.rpm
536aff78098fdccca9afc5a2b2b43bf5 elinks-debuginfo-0.11.1-5.1.0.1.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5034 http://www.redhat.com/security/updates/classification/#moderate
Package List
Topic
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Bugs Fixed