- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Moderate: elinks security update
Advisory ID:       RHSA-2007:0933-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0933.html
Issue date:        2007-10-03
Updated on:        2007-10-03
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-5034 
- ---------------------------------------------------------------------1. Summary:

An updated ELinks package that corrects a security vulnerability is now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

ELinks is a text mode Web browser used from the command line that supports
rendering modern web pages.

An information disclosure flaw was found in the way ELinks passes https
POST data to a proxy server. POST data sent via a proxy to an https site is
not properly encrypted by ELinks, possibly allowing the disclosure of
sensitive information. (CVE-2007-5034)

All users of Elinks are advised to upgrade to this updated package, which
contains a backported patch that resolves this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

297611 - CVE-2007-5034 elinks reveals POST data to HTTPS proxy

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
f04cc8143e0eeb2479926cfdd47517bc  elinks-0.9.2-3.3.5.2.src.rpm

i386:
740855a258e36afc4bd02b2dc939f6d0  elinks-0.9.2-3.3.5.2.i386.rpm
317ad4c79abc3d4568fee5e2c9ac4569  elinks-debuginfo-0.9.2-3.3.5.2.i386.rpm

ia64:
d27d29fc20f082fd5c4e3d16a1f1b96f  elinks-0.9.2-3.3.5.2.ia64.rpm
b8cc871fe0778f6f53c99d4286ecc974  elinks-debuginfo-0.9.2-3.3.5.2.ia64.rpm

ppc:
2901b97c6ad3dd7fae25a44348b82812  elinks-0.9.2-3.3.5.2.ppc.rpm
7a16ed80746799f184ca44be4a096bb5  elinks-debuginfo-0.9.2-3.3.5.2.ppc.rpm

s390:
1d225484d90ff04080c3d570dd54e8d5  elinks-0.9.2-3.3.5.2.s390.rpm
4e84ed71e7c0f40106d6aeb254615c08  elinks-debuginfo-0.9.2-3.3.5.2.s390.rpm

s390x:
f9d32215514a0c003d315cb8a22305bc  elinks-0.9.2-3.3.5.2.s390x.rpm
bb7f869803f4066e57cd65438016ec72  elinks-debuginfo-0.9.2-3.3.5.2.s390x.rpm

x86_64:
ca4941f6358b9b351285bb7268ee368c  elinks-0.9.2-3.3.5.2.x86_64.rpm
947a60d3793dd1769afba31fe0598b49  elinks-debuginfo-0.9.2-3.3.5.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
f04cc8143e0eeb2479926cfdd47517bc  elinks-0.9.2-3.3.5.2.src.rpm

i386:
740855a258e36afc4bd02b2dc939f6d0  elinks-0.9.2-3.3.5.2.i386.rpm
317ad4c79abc3d4568fee5e2c9ac4569  elinks-debuginfo-0.9.2-3.3.5.2.i386.rpm

x86_64:
ca4941f6358b9b351285bb7268ee368c  elinks-0.9.2-3.3.5.2.x86_64.rpm
947a60d3793dd1769afba31fe0598b49  elinks-debuginfo-0.9.2-3.3.5.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
f04cc8143e0eeb2479926cfdd47517bc  elinks-0.9.2-3.3.5.2.src.rpm

i386:
740855a258e36afc4bd02b2dc939f6d0  elinks-0.9.2-3.3.5.2.i386.rpm
317ad4c79abc3d4568fee5e2c9ac4569  elinks-debuginfo-0.9.2-3.3.5.2.i386.rpm

ia64:
d27d29fc20f082fd5c4e3d16a1f1b96f  elinks-0.9.2-3.3.5.2.ia64.rpm
b8cc871fe0778f6f53c99d4286ecc974  elinks-debuginfo-0.9.2-3.3.5.2.ia64.rpm

x86_64:
ca4941f6358b9b351285bb7268ee368c  elinks-0.9.2-3.3.5.2.x86_64.rpm
947a60d3793dd1769afba31fe0598b49  elinks-debuginfo-0.9.2-3.3.5.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
f04cc8143e0eeb2479926cfdd47517bc  elinks-0.9.2-3.3.5.2.src.rpm

i386:
740855a258e36afc4bd02b2dc939f6d0  elinks-0.9.2-3.3.5.2.i386.rpm
317ad4c79abc3d4568fee5e2c9ac4569  elinks-debuginfo-0.9.2-3.3.5.2.i386.rpm

ia64:
d27d29fc20f082fd5c4e3d16a1f1b96f  elinks-0.9.2-3.3.5.2.ia64.rpm
b8cc871fe0778f6f53c99d4286ecc974  elinks-debuginfo-0.9.2-3.3.5.2.ia64.rpm

x86_64:
ca4941f6358b9b351285bb7268ee368c  elinks-0.9.2-3.3.5.2.x86_64.rpm
947a60d3793dd1769afba31fe0598b49  elinks-debuginfo-0.9.2-3.3.5.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
df97aa87a94550dd9c6b8b3ab4e6f717  elinks-0.11.1-5.1.0.1.el5.src.rpm

i386:
7b4b7287bc524c45dc55a702ea6243ea  elinks-0.11.1-5.1.0.1.el5.i386.rpm
073d91f669aacc7a121c82c3437ddeff  elinks-debuginfo-0.11.1-5.1.0.1.el5.i386.rpm

x86_64:
5cd0b473ae6d27f879f48aa2085e6380  elinks-0.11.1-5.1.0.1.el5.x86_64.rpm
536aff78098fdccca9afc5a2b2b43bf5  elinks-debuginfo-0.11.1-5.1.0.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
df97aa87a94550dd9c6b8b3ab4e6f717  elinks-0.11.1-5.1.0.1.el5.src.rpm

i386:
7b4b7287bc524c45dc55a702ea6243ea  elinks-0.11.1-5.1.0.1.el5.i386.rpm
073d91f669aacc7a121c82c3437ddeff  elinks-debuginfo-0.11.1-5.1.0.1.el5.i386.rpm

ia64:
7bc784e2951af8725c9876a28c942c5d  elinks-0.11.1-5.1.0.1.el5.ia64.rpm
15bf78d4bab60a721c2dd815522cd34c  elinks-debuginfo-0.11.1-5.1.0.1.el5.ia64.rpm

ppc:
04978852cf223ad9d338eea7e4fffe07  elinks-0.11.1-5.1.0.1.el5.ppc.rpm
b085052c86f584b8a7f3dcfb01a490f8  elinks-debuginfo-0.11.1-5.1.0.1.el5.ppc.rpm

s390x:
32cce00b9e70804720d80e5c2dd80960  elinks-0.11.1-5.1.0.1.el5.s390x.rpm
987063ebff12a8d7358d854f671388a3  elinks-debuginfo-0.11.1-5.1.0.1.el5.s390x.rpm

x86_64:
5cd0b473ae6d27f879f48aa2085e6380  elinks-0.11.1-5.1.0.1.el5.x86_64.rpm
536aff78098fdccca9afc5a2b2b43bf5  elinks-debuginfo-0.11.1-5.1.0.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5034
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

RedHat: Moderate: elinks security update

An updated ELinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security imp...

Summary



Summary

ELinks is a text mode Web browser used from the command line that supports rendering modern web pages. An information disclosure flaw was found in the way ELinks passes https POST data to a proxy server. POST data sent via a proxy to an https site is not properly encrypted by ELinks, possibly allowing the disclosure of sensitive information. (CVE-2007-5034) All users of Elinks are advised to upgrade to this updated package, which contains a backported patch that resolves this issue.


Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
5. Bug IDs fixed (http://bugzilla.redhat.com/):
297611 - CVE-2007-5034 elinks reveals POST data to HTTPS proxy
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS: f04cc8143e0eeb2479926cfdd47517bc elinks-0.9.2-3.3.5.2.src.rpm
i386: 740855a258e36afc4bd02b2dc939f6d0 elinks-0.9.2-3.3.5.2.i386.rpm 317ad4c79abc3d4568fee5e2c9ac4569 elinks-debuginfo-0.9.2-3.3.5.2.i386.rpm
ia64: d27d29fc20f082fd5c4e3d16a1f1b96f elinks-0.9.2-3.3.5.2.ia64.rpm b8cc871fe0778f6f53c99d4286ecc974 elinks-debuginfo-0.9.2-3.3.5.2.ia64.rpm
ppc: 2901b97c6ad3dd7fae25a44348b82812 elinks-0.9.2-3.3.5.2.ppc.rpm 7a16ed80746799f184ca44be4a096bb5 elinks-debuginfo-0.9.2-3.3.5.2.ppc.rpm
s390: 1d225484d90ff04080c3d570dd54e8d5 elinks-0.9.2-3.3.5.2.s390.rpm 4e84ed71e7c0f40106d6aeb254615c08 elinks-debuginfo-0.9.2-3.3.5.2.s390.rpm
s390x: f9d32215514a0c003d315cb8a22305bc elinks-0.9.2-3.3.5.2.s390x.rpm bb7f869803f4066e57cd65438016ec72 elinks-debuginfo-0.9.2-3.3.5.2.s390x.rpm
x86_64: ca4941f6358b9b351285bb7268ee368c elinks-0.9.2-3.3.5.2.x86_64.rpm 947a60d3793dd1769afba31fe0598b49 elinks-debuginfo-0.9.2-3.3.5.2.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: f04cc8143e0eeb2479926cfdd47517bc elinks-0.9.2-3.3.5.2.src.rpm
i386: 740855a258e36afc4bd02b2dc939f6d0 elinks-0.9.2-3.3.5.2.i386.rpm 317ad4c79abc3d4568fee5e2c9ac4569 elinks-debuginfo-0.9.2-3.3.5.2.i386.rpm
x86_64: ca4941f6358b9b351285bb7268ee368c elinks-0.9.2-3.3.5.2.x86_64.rpm 947a60d3793dd1769afba31fe0598b49 elinks-debuginfo-0.9.2-3.3.5.2.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: f04cc8143e0eeb2479926cfdd47517bc elinks-0.9.2-3.3.5.2.src.rpm
i386: 740855a258e36afc4bd02b2dc939f6d0 elinks-0.9.2-3.3.5.2.i386.rpm 317ad4c79abc3d4568fee5e2c9ac4569 elinks-debuginfo-0.9.2-3.3.5.2.i386.rpm
ia64: d27d29fc20f082fd5c4e3d16a1f1b96f elinks-0.9.2-3.3.5.2.ia64.rpm b8cc871fe0778f6f53c99d4286ecc974 elinks-debuginfo-0.9.2-3.3.5.2.ia64.rpm
x86_64: ca4941f6358b9b351285bb7268ee368c elinks-0.9.2-3.3.5.2.x86_64.rpm 947a60d3793dd1769afba31fe0598b49 elinks-debuginfo-0.9.2-3.3.5.2.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: f04cc8143e0eeb2479926cfdd47517bc elinks-0.9.2-3.3.5.2.src.rpm
i386: 740855a258e36afc4bd02b2dc939f6d0 elinks-0.9.2-3.3.5.2.i386.rpm 317ad4c79abc3d4568fee5e2c9ac4569 elinks-debuginfo-0.9.2-3.3.5.2.i386.rpm
ia64: d27d29fc20f082fd5c4e3d16a1f1b96f elinks-0.9.2-3.3.5.2.ia64.rpm b8cc871fe0778f6f53c99d4286ecc974 elinks-debuginfo-0.9.2-3.3.5.2.ia64.rpm
x86_64: ca4941f6358b9b351285bb7268ee368c elinks-0.9.2-3.3.5.2.x86_64.rpm 947a60d3793dd1769afba31fe0598b49 elinks-debuginfo-0.9.2-3.3.5.2.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 5 client):
SRPMS: df97aa87a94550dd9c6b8b3ab4e6f717 elinks-0.11.1-5.1.0.1.el5.src.rpm
i386: 7b4b7287bc524c45dc55a702ea6243ea elinks-0.11.1-5.1.0.1.el5.i386.rpm 073d91f669aacc7a121c82c3437ddeff elinks-debuginfo-0.11.1-5.1.0.1.el5.i386.rpm
x86_64: 5cd0b473ae6d27f879f48aa2085e6380 elinks-0.11.1-5.1.0.1.el5.x86_64.rpm 536aff78098fdccca9afc5a2b2b43bf5 elinks-debuginfo-0.11.1-5.1.0.1.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
SRPMS: df97aa87a94550dd9c6b8b3ab4e6f717 elinks-0.11.1-5.1.0.1.el5.src.rpm
i386: 7b4b7287bc524c45dc55a702ea6243ea elinks-0.11.1-5.1.0.1.el5.i386.rpm 073d91f669aacc7a121c82c3437ddeff elinks-debuginfo-0.11.1-5.1.0.1.el5.i386.rpm
ia64: 7bc784e2951af8725c9876a28c942c5d elinks-0.11.1-5.1.0.1.el5.ia64.rpm 15bf78d4bab60a721c2dd815522cd34c elinks-debuginfo-0.11.1-5.1.0.1.el5.ia64.rpm
ppc: 04978852cf223ad9d338eea7e4fffe07 elinks-0.11.1-5.1.0.1.el5.ppc.rpm b085052c86f584b8a7f3dcfb01a490f8 elinks-debuginfo-0.11.1-5.1.0.1.el5.ppc.rpm
s390x: 32cce00b9e70804720d80e5c2dd80960 elinks-0.11.1-5.1.0.1.el5.s390x.rpm 987063ebff12a8d7358d854f671388a3 elinks-debuginfo-0.11.1-5.1.0.1.el5.s390x.rpm
x86_64: 5cd0b473ae6d27f879f48aa2085e6380 elinks-0.11.1-5.1.0.1.el5.x86_64.rpm 536aff78098fdccca9afc5a2b2b43bf5 elinks-debuginfo-0.11.1-5.1.0.1.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5034 http://www.redhat.com/security/updates/classification/#moderate

Package List


Severity
Advisory ID: RHSA-2007:0933-01
Advisory URL: https://access.redhat.com/errata/RHSA-2007:0933.html
Issued Date: : 2007-10-03
Updated on: 2007-10-03
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-5034 An updated ELinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Topic


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64


Bugs Fixed


Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved