Package name: lynx
Date: February 24th, 2003
Advisory ID: MDKSA-2003:023
Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0, MNF8.2
Synopsis: Updated lynx packages fix CRLF injection vulnerability

Problem Description

A vulnerability was discovered in lynx, a text-mode web browser. lynx
constructs its HTTP queries from arguments on the command line or the
$WWW_HOME environment variable, but it does not properly sanitize
special characters such as carriage returns or linefeeds. As a result,
extra headers can be inserted into the request, which can cause scripts
that use lynx to fetch data from the wrong site on servers that use
virtual hosting.
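
A guard that scripts calling lynx can apply to untrusted URLs and to $WWW_HOME, as an added example that is not part of the original advisory or of lynx itself. The function names are hypothetical, and refusing percent-encoded CR/LF as well is a conservative assumption of this example.

```shell
#!/bin/sh
# Added example; has_ctl, url_is_clean, check_lynx_inputs and
# fetch_with_lynx are hypothetical names, not part of lynx.

# has_ctl VALUE: succeed if VALUE holds a control character or whitespace
# (CR, LF, tab, space, DEL). The bytes are deleted with tr and the result
# compared with the original, so a trailing newline is caught as well.
has_ctl() {
    stripped=$(printf '%s' "$1" | LC_ALL=C tr -d '\000-\040\177')
    [ "$stripped" != "$1" ]
}

# url_is_clean VALUE: succeed only if VALUE may be handed to lynx.
url_is_clean() {
    [ -n "$1" ] || return 1
    has_ctl "$1" && return 1
    # Assumption of this example: also refuse percent-encoded CR and LF.
    case $1 in
        *%0[AaDd]*) return 1 ;;
    esac
    return 0
}

# check_lynx_inputs URL...: validate $WWW_HOME (when set) and every URL.
check_lynx_inputs() {
    if [ -n "${WWW_HOME:-}" ] && ! url_is_clean "$WWW_HOME"; then
        echo "refusing WWW_HOME: unsafe character in value" >&2
        return 1
    fi
    for u in "$@"; do
        if ! url_is_clean "$u"; then
            echo "refusing URL argument: unsafe character in value" >&2
            return 1
        fi
    done
    return 0
}

# fetch_with_lynx URL...: run lynx only after every input passed the check.
fetch_with_lynx() {
    check_lynx_inputs "$@" || return 1
    lynx -dump "$@"
}
```

Scripts would call fetch_with_lynx in place of lynx; a non-zero return means at least one input was refused and lynx was never started.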

Updated Packages

Mandrakelinux 7.2

51b4a07587e21fae8c22ee96dda08165  7.2/RPMS/lynx-2.8.5-0.10mdk.dev.8.i586.rpm
3dc147ad3ce860da0b476b28c958b55b  7.2/SRPMS/lynx-2.8.5-0.10mdk.dev.8.src.rpm

Mandrakelinux 8.0

0e9f7fac97a924915829181b129feb64  8.0/RPMS/lynx-2.8.5-0.10mdk.dev.8.i586.rpm
3dc147ad3ce860da0b476b28c958b55b  8.0/SRPMS/lynx-2.8.5-0.10mdk.dev.8.src.rpm

Mandrakelinux 8.0/PPC

8bead3da1f305cc99fa00b7e6e1b21fc  ppc/8.0/RPMS/lynx-2.8.5-0.10mdk.dev.8.ppc.rpm
3dc147ad3ce860da0b476b28c958b55b  ppc/8.0/SRPMS/lynx-2.8.5-0.10mdk.dev.8.src.rpm

Mandrakelinux 8.1

d70d1dc68846e77601e7648ad31e8407  8.1/RPMS/lynx-2.8.5-0.10mdk.dev.8.i586.rpm
3dc147ad3ce860da0b476b28c958b55b  8.1/SRPMS/lynx-2.8.5-0.10mdk.dev.8.src.rpm

Mandrakelinux 8.1/IA64

3e342d5aed2f987fc156784a2a49e113  ia64/8.1/RPMS/lynx-2.8.5-0.10mdk.dev.8.ia64.rpm
3dc147ad3ce860da0b476b28c958b55b  ia64/8.1/SRPMS/lynx-2.8.5-0.10mdk.dev.8.src.rpm

Mandrakelinux 8.2

c2bc5c894bddc46b4ab7711691ba5b71  8.2/RPMS/lynx-2.8.5-0.10mdk.dev.8.i586.rpm
3dc147ad3ce860da0b476b28c958b55b  8.2/SRPMS/lynx-2.8.5-0.10mdk.dev.8.src.rpm

Mandrakelinux 8.2/PPC

ead8f99e26c7aaeb59782b0f85150840  ppc/8.2/RPMS/lynx-2.8.5-0.10mdk.dev.8.ppc.rpm
3dc147ad3ce860da0b476b28c958b55b  ppc/8.2/SRPMS/lynx-2.8.5-0.10mdk.dev.8.src.rpm

Mandrakelinux 9.0

59fd26d160a9168588b3dde6a0405c5e  9.0/RPMS/lynx-2.8.5-0.10mdk.dev.8.i586.rpm
3dc147ad3ce860da0b476b28c958b55b  9.0/SRPMS/lynx-2.8.5-0.10mdk.dev.8.src.rpm

Multi Network Firewall 8.2

c2bc5c894bddc46b4ab7711691ba5b71  mnf8.2/RPMS/lynx-2.8.5-0.10mdk.dev.8.i586.rpm
3dc147ad3ce860da0b476b28c958b55b  mnf8.2/SRPMS/lynx-2.8.5-0.10mdk.dev.8.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1405

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.