Package name lynx
Date February 24th, 2003
Advisory ID MDKSA-2003:023
Affected versions 7.2, 8.0, 8.1, 8.2, 9.0, MNF8.2
Synopsis Updated lynx packages fix CRLF injection vulnerability

Problem Description

A vulnerability was discovered in lynx, a text-mode web browser. The
HTTP queries that lynx constructs are from arguments on the command
line or the $WWW_HOME environment variable, but lynx does not properly
sanitize special characters such as carriage returns or linefeeds.
Extra headers can be inserted into the request because of this, which
can cause scripts that use lynx to fetch data from the wrong site from
servers that use virtual hosting.

Updated Packages

Mandrakelinux 7.2

 51b4a07587e21fae8c22ee96dda08165  7.2/RPMS/
3dc147ad3ce860da0b476b28c958b55b  7.2/SRPMS/

Mandrakelinux 8.0

 0e9f7fac97a924915829181b129feb64  8.0/RPMS/
3dc147ad3ce860da0b476b28c958b55b  8.0/SRPMS/

Mandrakelinux 8.0/PPC

 8bead3da1f305cc99fa00b7e6e1b21fc  ppc/8.0/RPMS/
3dc147ad3ce860da0b476b28c958b55b  ppc/8.0/SRPMS/

Mandrakelinux 8.1

 d70d1dc68846e77601e7648ad31e8407  8.1/RPMS/
3dc147ad3ce860da0b476b28c958b55b  8.1/SRPMS/

Mandrakelinux 8.1/IA64

 3e342d5aed2f987fc156784a2a49e113  ia64/8.1/RPMS/
3dc147ad3ce860da0b476b28c958b55b  ia64/8.1/SRPMS/

Mandrakelinux 8.2

 c2bc5c894bddc46b4ab7711691ba5b71  8.2/RPMS/
3dc147ad3ce860da0b476b28c958b55b  8.2/SRPMS/

Mandrakelinux 8.2/PPC

 ead8f99e26c7aaeb59782b0f85150840  ppc/8.2/RPMS/
3dc147ad3ce860da0b476b28c958b55b  ppc/8.2/SRPMS/

Mandrakelinux 9.0

 59fd26d160a9168588b3dde6a0405c5e  9.0/RPMS/
3dc147ad3ce860da0b476b28c958b55b  9.0/SRPMS/

Multi Network Firewall 8.2

 c2bc5c894bddc46b4ab7711691ba5b71  mnf8.2/RPMS/
3dc147ad3ce860da0b476b28c958b55b  mnf8.2/SRPMS/



To upgrade automatically, use MandrivaUpdate.


Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.