security advisorydebianremote execution
Teemu Salmela discovered that the links2 character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands.. - ------------------------------------------------------------------------Debian Security Advisory DSA-1240-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Steve Kemp December 21, 2006 - ------------------------------------------------------------------------Package : links2 Vulnerability : insufficient escaping Problem type : remote Debian-specific: no CVE Id(s) : CVE-2006-5925 Debian Bug : 400718 Teemu Salmela discovered that the links2 character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands. For the stable distribution (sarge) this problem has been fixed in version 2.1pre16-1sarge1. For the upcoming stable distribution (etch) this problem has been fixed in version 2.1pre26-1. For the unstable distribution (sid) this problem has been fixed in version 2.1pre26-1. We recommend that you upgrade your links2 package. Upgrade instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 3.1 (stable) - -------------------Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc. Source archives: Size/MD5 checksum: 28658 a83c79990bbfb6f9ec26d737f767ee90 Size/MD5 checksum: 4217483 7baf4fc20cc244d80ead21cebff07d89 Size/MD5 checksum: 841ed4853334b7eebef055271df06cdcd7a alpha architecture (DEC Alpha) Size/MD5 checksum: 2110324 b3633fddb199c45339d3837bb0a519a0 amd64 architecture (AMD x86_64 (AMD64)) Size/MD5 checksum: 2040922 5fb402e6a833709741d20238346c7597 arm architecture (ARM) Size/MD5 checksum: 1996004 c7c79ddcb82d5758668ed71d74b9685f i386 architecture (Intel ia32) Size/MD5 checksum: 1997426 4c1ef611e31c57583f7471653962a84a m68k architecture (Motorola Mc680x0) Size/MD5 checksum: 1904084 e5c777a07eaa88f4367b51d88c556a14 mips architecture (MIPS (Big Endian)) Size/MD5 checksum: 2034596 22854de6eaf3aa1e392291760e85e5e8 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian Security Advisory DSA-1241-2 addresses a vulnerability in the links2 web browser related to URL input handling, reducing risks of command execution. Debian Security Advisory, links2 command execution fix, insufficient escaping. . Severity: Medium. LinuxSecurity.com Team
Dec 21, 2006
•Medium
Debian
Refine advisories
