Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 515
Alerts This Week
Warning Icon 1 515

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 15 articles for you...
219

Rocky Linux 8 Lynx Moderate HTTP Auth Disclosure RLSA-2022-2129

Moderate: lynx security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2022:2129", "synopsis": "Moderate: lynx security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for lynx.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags.\n\nSecurity Fix(es):\n\n* lynx: Disclosure of HTTP authentication credentials via SNI data (CVE-2021-38165)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "1994998", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=1994998", "description": ""}], "cves": [{"name": "CVE-2021-38165", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38165", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss3BaseScore": "5.3", "cwe": "CWE-522"}], "references": [], "publishedAt": "2026-06-28T00:01:40.098233Z", "rpms": {"Rocky Linux 8": {"nvras": ["lynx-debuginfo-0:2.8.9-4.el8.aarch64.rpm", "lynx-0:2.8.9-4.el8.aarch64.rpm", "lynx-0:2.8.9-4.el8.src.rpm", "lynx-0:2.8.9-4.el8.x86_64.rpm", "lynx-debuginfo-0:2.8.9-4.el8.x86_64.rpm", "lynx-debugsource-0:2.8.9-4.el8.aarch64.rpm", "lynx-debugsource-0:2.8.9-4.el8.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Lynx security update for Rocky Linux addresses moderate risks, including HTTP credential exposure. Read more.. Rocky Linux Lynx Update CredentialExposure Web Browser. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jun 28, 2026 moderate Rocky Linux
98

Red Hat Enterprise Linux 8 RHSA-2022-2129-01 Moderate: Lynx SNI Issue

An update for lynx is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: lynx security update Advisory ID: RHSA-2022:2129-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2129 Issue date: 2022-05-10 CVE Names: CVE-2021-38165 ==================================================================== 1. Summary: An update for lynx is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags. Security Fix(es): * lynx: Disclosure of HTTP authentication credentials via SNI data (CVE-2021-38165) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed(https://bugzilla.redhat.com/): 1994998 - CVE-2021-38165 lynx: Disclosure of HTTP authentication credentials via SNI data 6. Package List: Red Hat CodeReady Linux Builder (v. 8): Source: lynx-2.8.9-4.el8.src.rpm aarch64: lynx-2.8.9-4.el8.aarch64.rpm lynx-debuginfo-2.8.9-4.el8.aarch64.rpm lynx-debugsource-2.8.9-4.el8.aarch64.rpm ppc64le: lynx-2.8.9-4.el8.ppc64le.rpm lynx-debuginfo-2.8.9-4.el8.ppc64le.rpm lynx-debugsource-2.8.9-4.el8.ppc64le.rpm s390x: lynx-2.8.9-4.el8.s390x.rpm lynx-debuginfo-2.8.9-4.el8.s390x.rpm lynx-debugsource-2.8.9-4.el8.s390x.rpm x86_64: lynx-2.8.9-4.el8.x86_64.rpm lynx-debuginfo-2.8.9-4.el8.x86_64.rpm lynx-debugsource-2.8.9-4.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-38165 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.6_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIUAwUBYnqQmNzjgjWX9erEAQiSbQ/2MC9CC7KGlaV1ZRGVWkWC4+oc6o7bK8GF FpL1RgHNjs3FnTrRkFiy73V6mAptC2chrl7vufNLyxcvNRKiIX9VILJyMK2C967N TAWjwCBmUPzwQ1fjQBo1ss1LYWPLT03q+AADIrQXPV5fBbzlPnQSyN205rVv9xMb x9p09dh3gaIcyrBtko4RzCD2/w3vAy0pb64SxLks1tMVLQ7xtcF2M5HwHHCUigfx QHpPf2Uf4wyPPyjoe0HldZAnpTNCm7+WfV0NbBtzntLYSZCj/GA1AuKbmKotAImZ IkcFYwNCdOoVknsXdNpyEB6DzZgMqe88TZCqgSBfvs3ngJXtiAy/Jgyx9QEQ9VRv 5PXBUVpHpfwp7p6ypOe4CHuDzx8EHnx9GOwVxL2YDjhOKLSZHXyCnPJZkxd1VdIR CfUblKoveKhE4wl1HIZ36CB6lAuWS3c/oYhod+OXR/Zn8NX05qzhbFvDSEefmQeq q/QrP23R5bd5nRLSlRm+kic64xPpHVs8sH29oAJ9E32j+gHiLabFiyh7uFMohJY1 HiN2Wj8q5r8+D+AZC1fDZvk9oxZaNBl1jAxEEiQjuuzE1lzEtJUDS+hZRC1GZDK4 weYf00dqXwhpcMx5vAWTbGnS8Ngsy4QgNxN93yKw2pdFczw6L+v9pkXYwoZ3u2Xr PnLo+xAGKA==+W// -----END PGPSIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . A recent patch resolves a significant Lynx vulnerability for Red Hat Enterprise Linux, rectifying HTTP authentication exposure through SNI.. Red Hat Enterprise Linux, lynx security update, HTTP authentication. . LinuxSecurity.com Team

Calendar%202 May 10, 2022 Red Hat
203

Mageia 8 Lynx Update: 2021-0422 Moderate Credential Exposure

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. (CVE-2021-38165) References: . MGASA-2021-0422 - Updated lynx packages fix security vulnerability Publication date: 23 Sep 2021 URL: https://advisories.mageia.org/MGASA-2021-0422.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-38165 Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. (CVE-2021-38165) References: - https://bugs.mageia.org/show_bug.cgi?id=29342 - https://www.openwall.com/lists/oss-security/2021/08/07/9 - https://lists.debian.org/debian-security-announce/2021/msg00136.html - https://www.cve.org/CVERecord?id=CVE-2021-38165 SRPMS: - 8/core/lynx-2.8.9-0.dev17.4.1.mga8 . New Lynx versions address security vulnerabilities in Mageia 8, released on 23 Sep 2021.. Mageia Lynx Security Fix, Credential Exposure, Remote Attack Mitigation. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Sep 23, 2021 Important Mageia
89

Fedora 34: FEDORA-2021-f59bda7d94 moderate: Lynx HTTP Auth Issue

- fix disclosure of HTTP auth credentials via SNI data (CVE-2021-38165). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-f59bda7d94 2021-09-08 15:05:54.167624 --------------------------------------------------------------------------------Name : lynx Product : Fedora 34 Version : 2.8.9 Release : 13.fc34 URL : http://lynx.browser.org/ Summary : A text-based Web browser Description : Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags. One advantage Lynx has over graphical browsers is speed; Lynx starts and exits quickly and swiftly displays web pages. --------------------------------------------------------------------------------Update Information: - fix disclosure of HTTP auth credentials via SNI data (CVE-2021-38165) --------------------------------------------------------------------------------ChangeLog: * Tue Aug 31 2021 Kamil Dudka - 2.8.9-13 - fix disclosure of HTTP auth credentials via SNI data (CVE-2021-38165) * Thu Jul 22 2021 Fedora Release Engineering - 2.8.9-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1994998 - CVE-2021-38165 lynx: Disclosure of HTTP authentication credentials via SNI data https://bugzilla.redhat.com/show_bug.cgi?id=1994998 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-f59bda7d94' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . Resolution for leakage of HTTP auth credentials in Lynx on Fedora caused by SNI exposure.. HTTP Auth Credentials, Lynx Security Fix, Fedora Updates, SNI Data Issue. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Sep 08, 2021 Important Fedora
198

Arch Linux: ASA-202108-9 High: Lynx Information Disclosure

The package lynx before version 2.8.9-4 is vulnerable to information disclosure. . Arch Linux Security Advisory ASA-202108-9 ======================================== Severity: High Date : 2021-08-10 CVE-ID : CVE-2021-38165 Package : lynx Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-2261 Summary ====== The package lynx before version 2.8.9-4 is vulnerable to information disclosure. Resolution ========= Upgrade to 2.8.9-4. # pacman -Syu "lynx> =2.8.9-4" The problem has been fixed upstream but no release is available yet. Workaround ========= None. Description ========== HTParse in Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data or HTTP headers. Impact ===== A remote attacker could retrieve HTTP Basic Authentication credentials. References ========= https://bugs.archlinux.org/task/71764 https://lynx.invisible-island.net/current/CHANGES.html#index-v2.9.0dev.9 https://github.com/archlinux/svntogit-packages/blob/packages/lynx/trunk/CVE-2021-38165.diff https://security.archlinux.org/CVE-2021-38165 . Debian Security Notice DSN-202109-8 highlights a critical vulnerability affecting wget. Immediate update suggested.. Arch Linux, Lynx Security, Information Disclosure, Remote Vulnerability. . LinuxSecurity.com Team

Calendar%202 Aug 13, 2021 ArchLinux
87

Debian: DSA-4953-1 Urgent Update: Lynx URI Credential Exposure Issue

Thorsten Glaser and Axel Beckert reported that lynx, a non-graphical (text-mode) web browser, does not properly handle the userinfo subcomponent of a URI, which can lead to leaking of credential in cleartext in SNI data. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4953-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso August 10, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : lynx CVE ID : CVE-2021-38165 Debian Bug : 991971 Thorsten Glaser and Axel Beckert reported that lynx, a non-graphical (text-mode) web browser, does not properly handle the userinfo subcomponent of a URI, which can lead to leaking of credential in cleartext in SNI data. For the stable distribution (buster), this problem has been fixed in version 2.8.9rel.1-3+deb10u1. We recommend that you upgrade your lynx packages. For the detailed security status of lynx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/lynx Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian Security Bulletin DSA-4954-2 emphasizes a vim update remedying syntax highlighting vulnerabilities in configuration files.. Lynx Browser Security Update, Debian Lynx Advisory, URI Credential Leak. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Aug 10, 2021 Critical Debian
89

Fedora 26 Lynx: Security Update, Memory Disclosure Fixed

- update to the latest upstream pre-release (fixes CVE-2017-1000211). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-bf172b2035 2017-12-26 15:02:57.897176 --------------------------------------------------------------------------------Name : lynx Product : Fedora 26 Version : 2.8.9 Release : 0.20.dev16.fc26 URL : http://lynx.browser.org/ Summary : A text-based Web browser Description : Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags. One advantage Lynx has over graphical browsers is speed; Lynx starts and exits quickly and swiftly displays web pages. --------------------------------------------------------------------------------Update Information: - update to the latest upstream pre-release (fixes CVE-2017-1000211) --------------------------------------------------------------------------------References: [ 1 ] Bug #1522617 - CVE-2017-1000211 lynx: Use after free in HTML.c:HTML_put_string() can lead to memory disclosure https://bugzilla.redhat.com/show_bug.cgi?id=1522617 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade lynx' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . Lynx security patch for Fedora 26 resolves memory leak vulnerabilities with the recent upstream beta.Critical security enhancement.. Lynx Update, Fedora Security, Text-Based Browser, Memory Disclosure, Linux Updates. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 26, 2017 Important Fedora
172

Ubuntu 12.10 LTS: USN-1642-1 Critical Lynx Issues Detected

Two security issues were fixed in Lynx.. =========================================================================Ubuntu Security Notice USN-1642-1 November 29, 2012 lynx-cur vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS Summary: Two security issues were fixed in Lynx. Software Description: - lynx-cur: Text-mode WWW Browser with NLS support Details: Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user were tricked into opening a specially crafted page, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code as the user invoking the program. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-2810) It was discovered that Lynx did not properly verify that an HTTPS certificate was signed by a trusted certificate authority. This could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. This update changes the behavior of Lynx such that self-signed certificates no longer validate. Users requiring the previous behavior can use the 'FORCE_SSL_PROMPT' option in lynx.cfg. (CVE-2012-5821) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: lynx-cur 2.8.8dev.12-2ubuntu0.1 Ubuntu 12.04 LTS: lynx-cur 2.8.8dev.9-2ubuntu0.12.04.1 Ubuntu 11.10: lynx-cur 2.8.8dev.9-2ubuntu0.11.10.1 Ubuntu 10.04 LTS: lynx-cur 2.8.8dev.2-1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-1642-1 CVE-2010-2810, CVE-2012-5821 Package Information: https://launchpad.net/ubuntu/+source/lynx-cur/2.8.8dev.12-2ubuntu0.1 https://launchpad.net/ubuntu/+source/lynx-cur/2.8.8dev.9-2ubuntu0.12.04.1 https://launchpad.net/ubuntu/+source/lynx-cur/2.8.8dev.9-2ubuntu0.11.10.1 https://launchpad.net/ubuntu/+source/lynx-cur/2.8.8dev.2-1ubuntu0.1 . Immediate security patches for Lynx in Ubuntu address severe vulnerabilities linked to buffer overflow and potential Man-In-The-Middle threats.. lynx security updates, ubuntu vulnerabilities, buffer overflow fix, man in the middle attack. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Nov 29, 2012 Critical Ubuntu
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200