Issued:: 2005-10-17
Updated:: 2005-10-17

RHSA-2005:803 - Security Advisory

Overview
Updated Packages

Synopsis

lynx security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated lynx package that corrects a security flaw is now available.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Description

Lynx is a text-based Web browser.

Ulf Harnhammar discovered a stack overflow bug in Lynx when handling
connections to NNTP (news) servers. An attacker could create a web page
redirecting to a malicious news server which could execute arbitrary code
as the user running lynx. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-3120 to this issue.

Users should update to this erratum package, which contains a backported
patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Server 2 ia64
Red Hat Enterprise Linux Server 2 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Workstation 2 ia64
Red Hat Enterprise Linux Workstation 2 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

BZ - 170253 - CAN-2005-3120 lynx buffer overflow

CVEs

CVE-2005-3120

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
x86_64
lynx-2.8.5-18.1.x86_64.rpm	SHA-256: 8fca07bdd2c360c86812f0f847b4bd29aad20ded13084d399c9e85da9e2949ba
lynx-2.8.5-18.1.x86_64.rpm	SHA-256: 8fca07bdd2c360c86812f0f847b4bd29aad20ded13084d399c9e85da9e2949ba
ia64
lynx-2.8.5-18.1.ia64.rpm	SHA-256: 503f007c84b94beb72bcfd28586819dc3507dd9556729945804d991735ea7b53
lynx-2.8.5-18.1.ia64.rpm	SHA-256: 503f007c84b94beb72bcfd28586819dc3507dd9556729945804d991735ea7b53
i386
lynx-2.8.5-18.1.i386.rpm	SHA-256: 1f67cd033e1835ef20f23e086077b124a98d1eb4b6aac7b31571f08c7baeb7da
lynx-2.8.5-18.1.i386.rpm	SHA-256: 1f67cd033e1835ef20f23e086077b124a98d1eb4b6aac7b31571f08c7baeb7da

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
lynx-2.8.5-18.1.x86_64.rpm	SHA-256: 8fca07bdd2c360c86812f0f847b4bd29aad20ded13084d399c9e85da9e2949ba
ia64
lynx-2.8.5-18.1.ia64.rpm	SHA-256: 503f007c84b94beb72bcfd28586819dc3507dd9556729945804d991735ea7b53
i386
lynx-2.8.5-18.1.i386.rpm	SHA-256: 1f67cd033e1835ef20f23e086077b124a98d1eb4b6aac7b31571f08c7baeb7da

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
lynx-2.8.5-18.1.x86_64.rpm	SHA-256: 8fca07bdd2c360c86812f0f847b4bd29aad20ded13084d399c9e85da9e2949ba
i386
lynx-2.8.5-18.1.i386.rpm	SHA-256: 1f67cd033e1835ef20f23e086077b124a98d1eb4b6aac7b31571f08c7baeb7da

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
lynx-2.8.5-18.1.s390x.rpm	SHA-256: 4e97958ee358712f86f1deff78f92cc92d6598776c241608131de4b35d55fe29
s390
lynx-2.8.5-18.1.s390.rpm	SHA-256: c6ce12ddb2389bbfed2a90963a19616340ed575eaa6c2dcee71267bd7e5e41fe

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
lynx-2.8.5-18.1.ppc.rpm	SHA-256: 2a92b4d151b9836474f3fdfb443796e49b87f2a4915826184e6c67d72b285d8a

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation