-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: lynx security update
Advisory ID:       RHSA-2022:2129-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:2129
Issue date:        2022-05-10
CVE Names:         CVE-2021-38165 
====================================================================
1. Summary:

An update for lynx is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Lynx is a text-based Web browser. Lynx does not display any images, but it
does support frames, tables, and most other HTML tags.

Security Fix(es):

* lynx: Disclosure of HTTP authentication credentials via SNI data
(CVE-2021-38165)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1994998 - CVE-2021-38165 lynx: Disclosure of HTTP authentication credentials via SNI data

6. Package List:

Red Hat CodeReady Linux Builder (v. 8):

Source:
lynx-2.8.9-4.el8.src.rpm

aarch64:
lynx-2.8.9-4.el8.aarch64.rpm
lynx-debuginfo-2.8.9-4.el8.aarch64.rpm
lynx-debugsource-2.8.9-4.el8.aarch64.rpm

ppc64le:
lynx-2.8.9-4.el8.ppc64le.rpm
lynx-debuginfo-2.8.9-4.el8.ppc64le.rpm
lynx-debugsource-2.8.9-4.el8.ppc64le.rpm

s390x:
lynx-2.8.9-4.el8.s390x.rpm
lynx-debuginfo-2.8.9-4.el8.s390x.rpm
lynx-debugsource-2.8.9-4.el8.s390x.rpm

x86_64:
lynx-2.8.9-4.el8.x86_64.rpm
lynx-debuginfo-2.8.9-4.el8.x86_64.rpm
lynx-debugsource-2.8.9-4.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-38165
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIUAwUBYnqQmNzjgjWX9erEAQiSbQ/2MC9CC7KGlaV1ZRGVWkWC4+oc6o7bK8GF
FpL1RgHNjs3FnTrRkFiy73V6mAptC2chrl7vufNLyxcvNRKiIX9VILJyMK2C967N
TAWjwCBmUPzwQ1fjQBo1ss1LYWPLT03q+AADIrQXPV5fBbzlPnQSyN205rVv9xMb
x9p09dh3gaIcyrBtko4RzCD2/w3vAy0pb64SxLks1tMVLQ7xtcF2M5HwHHCUigfx
QHpPf2Uf4wyPPyjoe0HldZAnpTNCm7+WfV0NbBtzntLYSZCj/GA1AuKbmKotAImZ
IkcFYwNCdOoVknsXdNpyEB6DzZgMqe88TZCqgSBfvs3ngJXtiAy/Jgyx9QEQ9VRv
5PXBUVpHpfwp7p6ypOe4CHuDzx8EHnx9GOwVxL2YDjhOKLSZHXyCnPJZkxd1VdIR
CfUblKoveKhE4wl1HIZ36CB6lAuWS3c/oYhod+OXR/Zn8NX05qzhbFvDSEefmQeq
q/QrP23R5bd5nRLSlRm+kic64xPpHVs8sH29oAJ9E32j+gHiLabFiyh7uFMohJY1
HiN2Wj8q5r8+D+AZC1fDZvk9oxZaNBl1jAxEEiQjuuzE1lzEtJUDS+hZRC1GZDK4
weYf00dqXwhpcMx5vAWTbGnS8Ngsy4QgNxN93yKw2pdFczw6L+v9pkXYwoZ3u2Xr
PnLo+xAGKA==+W//
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-2129:01 Moderate: lynx security update

An update for lynx is now available for Red Hat Enterprise Linux 8

Summary

Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags.
Security Fix(es):
* lynx: Disclosure of HTTP authentication credentials via SNI data (CVE-2021-38165)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2021-38165 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

Package List

Red Hat CodeReady Linux Builder (v. 8):
Source: lynx-2.8.9-4.el8.src.rpm
aarch64: lynx-2.8.9-4.el8.aarch64.rpm lynx-debuginfo-2.8.9-4.el8.aarch64.rpm lynx-debugsource-2.8.9-4.el8.aarch64.rpm
ppc64le: lynx-2.8.9-4.el8.ppc64le.rpm lynx-debuginfo-2.8.9-4.el8.ppc64le.rpm lynx-debugsource-2.8.9-4.el8.ppc64le.rpm
s390x: lynx-2.8.9-4.el8.s390x.rpm lynx-debuginfo-2.8.9-4.el8.s390x.rpm lynx-debugsource-2.8.9-4.el8.s390x.rpm
x86_64: lynx-2.8.9-4.el8.x86_64.rpm lynx-debuginfo-2.8.9-4.el8.x86_64.rpm lynx-debugsource-2.8.9-4.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2022:2129-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:2129
Issued Date: : 2022-05-10
CVE Names: CVE-2021-38165

Topic

An update for lynx is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64


Bugs Fixed

1994998 - CVE-2021-38165 lynx: Disclosure of HTTP authentication credentials via SNI data


Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo