RHSA-2007:0933 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: elinks security update

Type/Severity

Security Advisory: Moderate

Topic

An updated ELinks package that corrects a security vulnerability is now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

ELinks is a text mode Web browser used from the command line that supports
rendering modern web pages.

An information disclosure flaw was found in the way ELinks passes https
POST data to a proxy server. POST data sent via a proxy to an https site is
not properly encrypted by ELinks, possibly allowing the disclosure of
sensitive information. (CVE-2007-5034)

All users of Elinks are advised to upgrade to this updated package, which
contains a backported patch that resolves this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server - Extended Update Support 4.5 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 4.5 ia64
Red Hat Enterprise Linux Server - Extended Update Support 4.5 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 297611 - CVE-2007-5034 elinks reveals POST data to HTTPS proxy

CVEs

CVE-2007-5034

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
elinks-0.11.1-5.1.0.1.el5.src.rpm	SHA-256: 4ac4554a04ef312e000ce29d471bc63678a88f244fb032941e88ef31c4ca86da
x86_64
elinks-0.11.1-5.1.0.1.el5.x86_64.rpm	SHA-256: 1e11d13ba3764c6569e1b135f14e2b996c64b3ee90e9978376f1e98798ab5a4d
ia64
elinks-0.11.1-5.1.0.1.el5.ia64.rpm	SHA-256: 673385553e20bf0323b791be51f8afac6c13833f36f8982dd10d5b88ee2cc6f2
i386
elinks-0.11.1-5.1.0.1.el5.i386.rpm	SHA-256: 7b4ae5a2b2d281b59084eb23d7feed5857d77dee7aa78beb85ec8a599d385b5a

Red Hat Enterprise Linux Server 4

SRPM
elinks-0.9.2-3.3.5.2.src.rpm	SHA-256: fae3280ea139726aef2b693c4946ee02fac6ee0e7386fec1d7489b89735e8d3d
x86_64
elinks-0.9.2-3.3.5.2.x86_64.rpm	SHA-256: b50a01339c12092b99a2311e18117d6f2239f1315f79d4a911027ab623b6bf73
elinks-0.9.2-3.3.5.2.x86_64.rpm	SHA-256: b50a01339c12092b99a2311e18117d6f2239f1315f79d4a911027ab623b6bf73
ia64
elinks-0.9.2-3.3.5.2.ia64.rpm	SHA-256: e1efed89bfb7906742692c86948f62cbca2a5f20392ce029863a764bb6b83850
elinks-0.9.2-3.3.5.2.ia64.rpm	SHA-256: e1efed89bfb7906742692c86948f62cbca2a5f20392ce029863a764bb6b83850
i386
elinks-0.9.2-3.3.5.2.i386.rpm	SHA-256: 5547644bcff7f4f2275d2f9409b18cfa72dcd1ad4db92d238a4b921aa529ce72
elinks-0.9.2-3.3.5.2.i386.rpm	SHA-256: 5547644bcff7f4f2275d2f9409b18cfa72dcd1ad4db92d238a4b921aa529ce72

Red Hat Enterprise Linux Server - Extended Update Support 4.5

SRPM
elinks-0.9.2-3.3.5.2.src.rpm	SHA-256: fae3280ea139726aef2b693c4946ee02fac6ee0e7386fec1d7489b89735e8d3d
x86_64
elinks-0.9.2-3.3.5.2.x86_64.rpm	SHA-256: b50a01339c12092b99a2311e18117d6f2239f1315f79d4a911027ab623b6bf73
elinks-0.9.2-3.3.5.2.x86_64.rpm	SHA-256: b50a01339c12092b99a2311e18117d6f2239f1315f79d4a911027ab623b6bf73
ia64
elinks-0.9.2-3.3.5.2.ia64.rpm	SHA-256: e1efed89bfb7906742692c86948f62cbca2a5f20392ce029863a764bb6b83850
elinks-0.9.2-3.3.5.2.ia64.rpm	SHA-256: e1efed89bfb7906742692c86948f62cbca2a5f20392ce029863a764bb6b83850
i386
elinks-0.9.2-3.3.5.2.i386.rpm	SHA-256: 5547644bcff7f4f2275d2f9409b18cfa72dcd1ad4db92d238a4b921aa529ce72
elinks-0.9.2-3.3.5.2.i386.rpm	SHA-256: 5547644bcff7f4f2275d2f9409b18cfa72dcd1ad4db92d238a4b921aa529ce72

Red Hat Enterprise Linux Workstation 5

SRPM
elinks-0.11.1-5.1.0.1.el5.src.rpm	SHA-256: 4ac4554a04ef312e000ce29d471bc63678a88f244fb032941e88ef31c4ca86da
x86_64
elinks-0.11.1-5.1.0.1.el5.x86_64.rpm	SHA-256: 1e11d13ba3764c6569e1b135f14e2b996c64b3ee90e9978376f1e98798ab5a4d
i386
elinks-0.11.1-5.1.0.1.el5.i386.rpm	SHA-256: 7b4ae5a2b2d281b59084eb23d7feed5857d77dee7aa78beb85ec8a599d385b5a

Red Hat Enterprise Linux Workstation 4

SRPM
elinks-0.9.2-3.3.5.2.src.rpm	SHA-256: fae3280ea139726aef2b693c4946ee02fac6ee0e7386fec1d7489b89735e8d3d
x86_64
elinks-0.9.2-3.3.5.2.x86_64.rpm	SHA-256: b50a01339c12092b99a2311e18117d6f2239f1315f79d4a911027ab623b6bf73
ia64
elinks-0.9.2-3.3.5.2.ia64.rpm	SHA-256: e1efed89bfb7906742692c86948f62cbca2a5f20392ce029863a764bb6b83850
i386
elinks-0.9.2-3.3.5.2.i386.rpm	SHA-256: 5547644bcff7f4f2275d2f9409b18cfa72dcd1ad4db92d238a4b921aa529ce72

Red Hat Enterprise Linux Desktop 5

SRPM
elinks-0.11.1-5.1.0.1.el5.src.rpm	SHA-256: 4ac4554a04ef312e000ce29d471bc63678a88f244fb032941e88ef31c4ca86da
x86_64
elinks-0.11.1-5.1.0.1.el5.x86_64.rpm	SHA-256: 1e11d13ba3764c6569e1b135f14e2b996c64b3ee90e9978376f1e98798ab5a4d
i386
elinks-0.11.1-5.1.0.1.el5.i386.rpm	SHA-256: 7b4ae5a2b2d281b59084eb23d7feed5857d77dee7aa78beb85ec8a599d385b5a

Red Hat Enterprise Linux Desktop 4

SRPM
elinks-0.9.2-3.3.5.2.src.rpm	SHA-256: fae3280ea139726aef2b693c4946ee02fac6ee0e7386fec1d7489b89735e8d3d
x86_64
elinks-0.9.2-3.3.5.2.x86_64.rpm	SHA-256: b50a01339c12092b99a2311e18117d6f2239f1315f79d4a911027ab623b6bf73
i386
elinks-0.9.2-3.3.5.2.i386.rpm	SHA-256: 5547644bcff7f4f2275d2f9409b18cfa72dcd1ad4db92d238a4b921aa529ce72

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
elinks-0.11.1-5.1.0.1.el5.src.rpm	SHA-256: 4ac4554a04ef312e000ce29d471bc63678a88f244fb032941e88ef31c4ca86da
s390x
elinks-0.11.1-5.1.0.1.el5.s390x.rpm	SHA-256: 6a18cdcbbf54e98bea29db7ef78b97e35b54a6a91b8be35291dc66901c5c9857

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
elinks-0.9.2-3.3.5.2.src.rpm	SHA-256: fae3280ea139726aef2b693c4946ee02fac6ee0e7386fec1d7489b89735e8d3d
s390x
elinks-0.9.2-3.3.5.2.s390x.rpm	SHA-256: 896cab1f14b2e0145069c937c2bca1610031ce022abd270b30a857cf3064f93a
s390
elinks-0.9.2-3.3.5.2.s390.rpm	SHA-256: 0d7dde03b1930bcce220c7aed9860ae44f8a4aaf0f92fddd1b6015753be64cee

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5

SRPM
elinks-0.9.2-3.3.5.2.src.rpm	SHA-256: fae3280ea139726aef2b693c4946ee02fac6ee0e7386fec1d7489b89735e8d3d
s390x
elinks-0.9.2-3.3.5.2.s390x.rpm	SHA-256: 896cab1f14b2e0145069c937c2bca1610031ce022abd270b30a857cf3064f93a
s390
elinks-0.9.2-3.3.5.2.s390.rpm	SHA-256: 0d7dde03b1930bcce220c7aed9860ae44f8a4aaf0f92fddd1b6015753be64cee

Red Hat Enterprise Linux for Power, big endian 5

SRPM
elinks-0.11.1-5.1.0.1.el5.src.rpm	SHA-256: 4ac4554a04ef312e000ce29d471bc63678a88f244fb032941e88ef31c4ca86da
ppc
elinks-0.11.1-5.1.0.1.el5.ppc.rpm	SHA-256: bbecf1143696d65082d25788178412cd0f8c44bb42139410f33f2a40e4165ea3

Red Hat Enterprise Linux for Power, big endian 4

SRPM
elinks-0.9.2-3.3.5.2.src.rpm	SHA-256: fae3280ea139726aef2b693c4946ee02fac6ee0e7386fec1d7489b89735e8d3d
ppc
elinks-0.9.2-3.3.5.2.ppc.rpm	SHA-256: 8136556db9d22b3275ed3daca5a1a70df18cefe5bd9b616aa031dfaf2ab6d1d4

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
elinks-0.9.2-3.3.5.2.src.rpm	SHA-256: fae3280ea139726aef2b693c4946ee02fac6ee0e7386fec1d7489b89735e8d3d
ppc
elinks-0.9.2-3.3.5.2.ppc.rpm	SHA-256: 8136556db9d22b3275ed3daca5a1a70df18cefe5bd9b616aa031dfaf2ab6d1d4

Red Hat Enterprise Linux Server from RHUI 5

SRPM
elinks-0.11.1-5.1.0.1.el5.src.rpm	SHA-256: 4ac4554a04ef312e000ce29d471bc63678a88f244fb032941e88ef31c4ca86da
x86_64
elinks-0.11.1-5.1.0.1.el5.x86_64.rpm	SHA-256: 1e11d13ba3764c6569e1b135f14e2b996c64b3ee90e9978376f1e98798ab5a4d
i386
elinks-0.11.1-5.1.0.1.el5.i386.rpm	SHA-256: 7b4ae5a2b2d281b59084eb23d7feed5857d77dee7aa78beb85ec8a599d385b5a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.