openSUSE Security Update: Security update for links
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2019:2185-1
Rating:             moderate
References:         #1149886
Affected Products:
                    openSUSE Leap 15.1
                    openSUSE Leap 15.0
                    openSUSE Backports SLE-15-SP1
                    openSUSE Backports SLE-15
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for links fixes the following issues:

links was updated to 2.20.1:

* libevent bug fixes

links was updated to 2.20:

* Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link elements with rel=dns-prefetch boo#1149886
* stability improvements
* file urls support local hostnames
* mouse support improvement
* improve interaction with Google
* Support the zstd compression algorithm
* Use proper cookie expiry

links was updated to 2.19:

* Fixed a crash on invalid IDN URLs
* Make font selection possible via fontconfig
* Show certificate authority in Document info box
* Use international error messages
* The -dump switch didn't report errors on stdout write

links was updated to 2.18:

* Automatically enable tor mode when the socks port is 9050
* When in tor mode, invert colors on top line and bottom line
* Fix an incorrect shift in write_ev_queue
* Fix runtime error sanitizer warning
* Add a menu entry to save and load a clipboard
* Don't synch with Xserver on every pixmap load
* Fix "Network Options" bug that caused a timeout
* Fix a possible integer overflow in decoder_memory_expand
* Fix possible pointer arithmetics bug if os allocated few bytes
* Add a button to never accept invalid certs for a given server
* Fix incorrect strings -html-t-text-color
* Add ascii replacement of Romanian S and T with comma
* Fix a bug when IPv6 control connection to ftp server fails

links was updated to 2.17:

* Fix verifying SSL certificates for numeric IPv6 addresses
* Delete the option -ftp.fast - it doesn't always work and ftp performance is not an issue anymore
* Add bold and monospaced Turkish letter 'i' without a dot
* On OS/2 allocate OpenSSL memory from the lower heap. It fixes SSL on systems with old 16-bit TCP/IP stack
* Fix IPv6 on OpenVMS Alpha
* Support mouse scroll wheel in textarea
* Delete the option -http-bugs.bug-302-redirect - RFC7231 allows the "buggy" behavior and defines new codes 307 and 308 that retain the post data
* X11 - fixed colormap leak when creating a new window
* Fixed an infinite loop that happened in graphics mode if the user clicked on OK in "Miscellaneous options" dialog and more than one window was open. This bug was introduced in Links 2.15
* Support 6x6x6 RGB palette in 256-bit color mode on framebuffer
* Implement dithering properly on OS/2 in 15-bit and 16-bit color mode. In 8-bit mode, Links may optionally use a private palette - it improves visual quality of Links images, but degrades visual quality of other concurrently running programs.
* Improve scrolling smoothness when the user drags the whole document
* On OS/2, allocate large memory blocks directly (not with malloc). It reduces memory waste
* Fixed a bug that setting terminal title and resizing a terminal didn't work on OS/2 and Windows. The bug was introduced in Links 2.16 when shutting up coverity warnings
* Set link color to yellow by default
* Delete the option -http-bugs.bug-post-no-keepalive. It was needed in 1999 to avoid some bug in some http server and it is not needed anymore
* Trust Content-Length on HTTP/1.0 redirect requests. This fixes hangs with misbehaving servers that honor Connection: keep-alive but send out HTTP/1.0 reply without Connection: keep-alive. Links thought that they don't support keep-alive and waited for the connection to close (for example https://www.raspberrypi.org/)
* Use keys 'H' and 'L' to select the top and bottom link on the current page

links was updated to 2.16:

* Improve handling of the DELETE key
* Implement the bracketed paste mode
* Fix various bugs found by coverity
* Fix a crash in proxy authentication code
* Fixed internal error "invalid set_handlers call" on framebuffer if links is suspended and terminated at the same time

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

   zypper in -t patch openSUSE-2019-2185=1

- openSUSE Leap 15.0:

   zypper in -t patch openSUSE-2019-2185=1

- openSUSE Backports SLE-15-SP1:

   zypper in -t patch openSUSE-2019-2185=1

- openSUSE Backports SLE-15:

   zypper in -t patch openSUSE-2019-2185=1

Package List:

- openSUSE Leap 15.1 (i586 x86_64):

   links-2.20.1-lp151.3.3.1
   links-debuginfo-2.20.1-lp151.3.3.1
   links-debugsource-2.20.1-lp151.3.3.1

- openSUSE Leap 15.0 (x86_64):

   links-2.20.1-lp150.2.3.1
   links-debuginfo-2.20.1-lp150.2.3.1
   links-debugsource-2.20.1-lp150.2.3.1

- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

   links-2.20.1-bp151.4.3.1

- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):

   links-2.20.1-bp150.2.3.1
   links-debuginfo-2.20.1-bp150.2.3.1
   links-debugsource-2.20.1-bp150.2.3.1

References:

   https://bugzilla.suse.com/1149886

Critical update for links in openSUSE fixes DNS-related issues and improves overall stability.

LinuxSecurity.com Team

MGASA-2019-0270 - Updated links packages fix security vulnerability

Publication date: 12 Sep 2019
URL: https://advisories.mageia.org/MGASA-2019-0270.html
Type: security
Affected Mageia releases: 6, 7

Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link rel="dns-prefetch" code

References:
- https://bugs.mageia.org/show_bug.cgi?id=25378
- http://links.twibright.com/download/ChangeLog

SRPMS:
- 7/core/links-2.20-1.mga7
- 6/core/links-2.20-1.mga6

An advisory has been released regarding Mageia's links package, focusing on DNS-related vulnerabilities. This applies to both versions 6 and 7, with updates provided to enhance security.

Severity: Important.

LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-b69081ceea
2016-09-27 00:29:22.119553
--------------------------------------------------------------------------------

Name        : links
Product     : Fedora 25
Version     : 2.13
Release     : 1.fc25
URL         : http://links.twibright.com/
Summary     : Web browser running in both graphics and text mode
Description :
Links is a web browser capable of running in either graphics or text mode. It provides a pull-down menu system, renders complex pages, has partial HTML 4.0 support (including tables, frames and support for multiple character sets and UTF-8), supports color and monochrome terminals and allows horizontal scrolling.

--------------------------------------------------------------------------------
Update Information:

Update to links 2.13.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1364919 - links: Unix domain sockets shared between anonymous and non-anonymous instances [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1364919
  [ 2 ] Bug #1352033 - links-2.13 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1352033
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update links' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------

[slackware-security]  links (SSA:2008-210-04)

New links packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix a security issue when using proxies.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

  https://www.cve.org/CVERecord?id=CVE-2008-3329

Here are the details from the Slackware 12.1 ChangeLog:
+--------------------------+
patches/packages/links-2.1-i486-1_slack12.1.tgz:
  Upgraded to links-2.1.
  Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2008-3329
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/links-2.1-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/links-2.1-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/links-2.1-i486-1_slack12.1.tgz

Updated package for Slackware -current:

MD5 signatures:
+-------------+

Slackware 11.0 package:
938eccef79b71343d4e2f13ef4454450  links-2.1-i486-1_slack11.0.tgz

Slackware 12.0 package:
0207e7720de54574ef773a0e1f3a35e8  links-2.1-i486-1_slack12.0.tgz

Slackware 12.1 package:
343b0f3f6b33d1097faafa66c777651b  links-2.1-i486-1_slack12.1.tgz

Slackware -current package:
f137305bc4c7ea5fd0670760b10d653d  links-2.1-i486-1.tgz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg links-2.1-i486-1_slack12.1.tgz

+-----+

Updated links packages for Slackware address a vulnerability concerning proxy access. Users are urged to apply updates promptly.

Severity: Critical.

LinuxSecurity.com Team