Red Hat Product Errata RHSA-2013:0250 - Security Advisory

Issued:: 2013-02-11
Updated:: 2013-02-11

RHSA-2013:0250 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: elinks security update

Type/Severity

Security Advisory: Moderate

Topic

An updated elinks package that fixes one security issue is now available
for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

ELinks is a text-based web browser. ELinks does not display any images, but
it does support frames, tables, and most other HTML tags.

It was found that ELinks performed client credentials delegation during the
client-to-server GSS security mechanisms negotiation. A rogue server could
use this flaw to obtain the client's credentials and impersonate that
client to other servers that are using GSSAPI. (CVE-2012-4545)

This issue was discovered by Marko Myllynen of Red Hat.

All ELinks users are advised to upgrade to this updated package, which
contains a backported patch to resolve the issue.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server - Extended Update Support 6.3 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 6.3 i386
Red Hat Enterprise Linux Server - Extended Update Support 5.9 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 5.9 ia64
Red Hat Enterprise Linux Server - Extended Update Support 5.9 i386
Red Hat Enterprise Linux Server - AUS 5.9 x86_64
Red Hat Enterprise Linux Server - AUS 5.9 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.3 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.9 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.3 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.9 ppc
Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 i386
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.3 x86_64
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.3 i386
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.9 x86_64
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.9 i386
Red Hat Enterprise Linux Server - AUS 5.9 ia64

Fixes

BZ - 864566 - CVE-2012-4545 elinks: Improper delegation of client credentials during GSS negotiation

CVEs

CVE-2012-4545

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
elinks-0.12-0.21.pre5.el6_3.src.rpm	SHA-256: 0aff65823d2a6ad63891d11942612e9c128ae29d9d129057343777bdf8ad91c3
x86_64
elinks-0.12-0.21.pre5.el6_3.x86_64.rpm	SHA-256: 1a48d89768d68056af53c3c9023b0555a6723bb210eff308e3942f2fe5b0ab12
elinks-debuginfo-0.12-0.21.pre5.el6_3.x86_64.rpm	SHA-256: 574323587c141504316ac8f22228459c5eaf12ac70c38f7d54445384ac2dbd64
i386
elinks-0.12-0.21.pre5.el6_3.i686.rpm	SHA-256: 133a8c89c5fb8625e525f7a0a9de0a793f78cf64c3680bcf9c00eff2867a3f95
elinks-debuginfo-0.12-0.21.pre5.el6_3.i686.rpm	SHA-256: 5843133cd79e9aea3f547c9c53a881d4692481671ccdf1af5db587b0b0351348

Red Hat Enterprise Linux Server 5

SRPM
elinks-0.11.1-8.el5_9.src.rpm	SHA-256: 62023829fe1efac3194a8fb967a4cf763933fc53f0965375dc8e6cd259c58ac6
x86_64
elinks-0.11.1-8.el5_9.x86_64.rpm	SHA-256: f12c9f77bfbae7d57a972a09e48410cc0c1adb4da0ec522de7a014431cf2087d
elinks-debuginfo-0.11.1-8.el5_9.x86_64.rpm	SHA-256: 443593021808f9f08a1547fd3da2f0a24e2b8e2e9e479f3b37f74c6db97e3688
ia64
elinks-0.11.1-8.el5_9.ia64.rpm	SHA-256: 90eb1ecdbce218d54a571b00673da1488a73f3829c25f3ff220ffbe07b89d9a9
elinks-debuginfo-0.11.1-8.el5_9.ia64.rpm	SHA-256: 038d6a3e1ce51d14db0d8de522b923410321a17733a450339c2245f67c0d4ef4
i386
elinks-0.11.1-8.el5_9.i386.rpm	SHA-256: 42302cbac6cbb3d8c311fe4dfcccd9605995c10d649635528b4b629399e301c9
elinks-debuginfo-0.11.1-8.el5_9.i386.rpm	SHA-256: 6464160d1761cb91840febd8acff73e8f53def68e3bcba75301dc6a50cdc8f01

Red Hat Enterprise Linux Server - Extended Update Support 6.3

SRPM
elinks-0.12-0.21.pre5.el6_3.src.rpm	SHA-256: 0aff65823d2a6ad63891d11942612e9c128ae29d9d129057343777bdf8ad91c3
x86_64
elinks-0.12-0.21.pre5.el6_3.x86_64.rpm	SHA-256: 1a48d89768d68056af53c3c9023b0555a6723bb210eff308e3942f2fe5b0ab12
elinks-debuginfo-0.12-0.21.pre5.el6_3.x86_64.rpm	SHA-256: 574323587c141504316ac8f22228459c5eaf12ac70c38f7d54445384ac2dbd64
i386
elinks-0.12-0.21.pre5.el6_3.i686.rpm	SHA-256: 133a8c89c5fb8625e525f7a0a9de0a793f78cf64c3680bcf9c00eff2867a3f95
elinks-debuginfo-0.12-0.21.pre5.el6_3.i686.rpm	SHA-256: 5843133cd79e9aea3f547c9c53a881d4692481671ccdf1af5db587b0b0351348

Red Hat Enterprise Linux Server - Extended Update Support 5.9

SRPM
elinks-0.11.1-8.el5_9.src.rpm	SHA-256: 62023829fe1efac3194a8fb967a4cf763933fc53f0965375dc8e6cd259c58ac6
x86_64
elinks-0.11.1-8.el5_9.x86_64.rpm	SHA-256: f12c9f77bfbae7d57a972a09e48410cc0c1adb4da0ec522de7a014431cf2087d
elinks-debuginfo-0.11.1-8.el5_9.x86_64.rpm	SHA-256: 443593021808f9f08a1547fd3da2f0a24e2b8e2e9e479f3b37f74c6db97e3688
ia64
elinks-0.11.1-8.el5_9.ia64.rpm	SHA-256: 90eb1ecdbce218d54a571b00673da1488a73f3829c25f3ff220ffbe07b89d9a9
elinks-debuginfo-0.11.1-8.el5_9.ia64.rpm	SHA-256: 038d6a3e1ce51d14db0d8de522b923410321a17733a450339c2245f67c0d4ef4
i386
elinks-0.11.1-8.el5_9.i386.rpm	SHA-256: 42302cbac6cbb3d8c311fe4dfcccd9605995c10d649635528b4b629399e301c9
elinks-debuginfo-0.11.1-8.el5_9.i386.rpm	SHA-256: 6464160d1761cb91840febd8acff73e8f53def68e3bcba75301dc6a50cdc8f01

Red Hat Enterprise Linux Workstation 6

SRPM
elinks-0.12-0.21.pre5.el6_3.src.rpm	SHA-256: 0aff65823d2a6ad63891d11942612e9c128ae29d9d129057343777bdf8ad91c3
x86_64
elinks-0.12-0.21.pre5.el6_3.x86_64.rpm	SHA-256: 1a48d89768d68056af53c3c9023b0555a6723bb210eff308e3942f2fe5b0ab12
elinks-debuginfo-0.12-0.21.pre5.el6_3.x86_64.rpm	SHA-256: 574323587c141504316ac8f22228459c5eaf12ac70c38f7d54445384ac2dbd64
i386
elinks-0.12-0.21.pre5.el6_3.i686.rpm	SHA-256: 133a8c89c5fb8625e525f7a0a9de0a793f78cf64c3680bcf9c00eff2867a3f95
elinks-debuginfo-0.12-0.21.pre5.el6_3.i686.rpm	SHA-256: 5843133cd79e9aea3f547c9c53a881d4692481671ccdf1af5db587b0b0351348

Red Hat Enterprise Linux Desktop 6

SRPM
elinks-0.12-0.21.pre5.el6_3.src.rpm	SHA-256: 0aff65823d2a6ad63891d11942612e9c128ae29d9d129057343777bdf8ad91c3
x86_64
elinks-0.12-0.21.pre5.el6_3.x86_64.rpm	SHA-256: 1a48d89768d68056af53c3c9023b0555a6723bb210eff308e3942f2fe5b0ab12
elinks-debuginfo-0.12-0.21.pre5.el6_3.x86_64.rpm	SHA-256: 574323587c141504316ac8f22228459c5eaf12ac70c38f7d54445384ac2dbd64
i386
elinks-0.12-0.21.pre5.el6_3.i686.rpm	SHA-256: 133a8c89c5fb8625e525f7a0a9de0a793f78cf64c3680bcf9c00eff2867a3f95
elinks-debuginfo-0.12-0.21.pre5.el6_3.i686.rpm	SHA-256: 5843133cd79e9aea3f547c9c53a881d4692481671ccdf1af5db587b0b0351348

Red Hat Enterprise Linux Desktop 5

SRPM
elinks-0.11.1-8.el5_9.src.rpm	SHA-256: 62023829fe1efac3194a8fb967a4cf763933fc53f0965375dc8e6cd259c58ac6
x86_64
elinks-0.11.1-8.el5_9.x86_64.rpm	SHA-256: f12c9f77bfbae7d57a972a09e48410cc0c1adb4da0ec522de7a014431cf2087d
elinks-debuginfo-0.11.1-8.el5_9.x86_64.rpm	SHA-256: 443593021808f9f08a1547fd3da2f0a24e2b8e2e9e479f3b37f74c6db97e3688
i386
elinks-0.11.1-8.el5_9.i386.rpm	SHA-256: 42302cbac6cbb3d8c311fe4dfcccd9605995c10d649635528b4b629399e301c9
elinks-debuginfo-0.11.1-8.el5_9.i386.rpm	SHA-256: 6464160d1761cb91840febd8acff73e8f53def68e3bcba75301dc6a50cdc8f01

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
elinks-0.12-0.21.pre5.el6_3.src.rpm	SHA-256: 0aff65823d2a6ad63891d11942612e9c128ae29d9d129057343777bdf8ad91c3
s390x
elinks-0.12-0.21.pre5.el6_3.s390x.rpm	SHA-256: 2c690b2f94c400cee07c6fb95f827287b60f216ecbc82db2c41d5e7f4176e35e
elinks-debuginfo-0.12-0.21.pre5.el6_3.s390x.rpm	SHA-256: cf44bd5e86a6251a3f7978f771c6dded07a447f99009292dd56f97221a5bb122

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
elinks-0.11.1-8.el5_9.src.rpm	SHA-256: 62023829fe1efac3194a8fb967a4cf763933fc53f0965375dc8e6cd259c58ac6
s390x
elinks-0.11.1-8.el5_9.s390x.rpm	SHA-256: e89f813619fd487a102cf8e1456b550676c241557cb406b5de1d90393c8d8628
elinks-debuginfo-0.11.1-8.el5_9.s390x.rpm	SHA-256: a347147717062b99bbbbd8c5ce9cf9f00594176dacff8d207091148b38dfd7c3

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.3

SRPM
elinks-0.12-0.21.pre5.el6_3.src.rpm	SHA-256: 0aff65823d2a6ad63891d11942612e9c128ae29d9d129057343777bdf8ad91c3
s390x
elinks-0.12-0.21.pre5.el6_3.s390x.rpm	SHA-256: 2c690b2f94c400cee07c6fb95f827287b60f216ecbc82db2c41d5e7f4176e35e
elinks-debuginfo-0.12-0.21.pre5.el6_3.s390x.rpm	SHA-256: cf44bd5e86a6251a3f7978f771c6dded07a447f99009292dd56f97221a5bb122

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.9

SRPM
elinks-0.11.1-8.el5_9.src.rpm	SHA-256: 62023829fe1efac3194a8fb967a4cf763933fc53f0965375dc8e6cd259c58ac6
s390x
elinks-0.11.1-8.el5_9.s390x.rpm	SHA-256: e89f813619fd487a102cf8e1456b550676c241557cb406b5de1d90393c8d8628
elinks-debuginfo-0.11.1-8.el5_9.s390x.rpm	SHA-256: a347147717062b99bbbbd8c5ce9cf9f00594176dacff8d207091148b38dfd7c3

Red Hat Enterprise Linux for Power, big endian 6

SRPM
elinks-0.12-0.21.pre5.el6_3.src.rpm	SHA-256: 0aff65823d2a6ad63891d11942612e9c128ae29d9d129057343777bdf8ad91c3
ppc64
elinks-0.12-0.21.pre5.el6_3.ppc64.rpm	SHA-256: 3eaee5351d0da08e3ee9bb4294c1fb73a440c2ae7cc2623822791fd19dc0729e
elinks-debuginfo-0.12-0.21.pre5.el6_3.ppc64.rpm	SHA-256: bd942ef09cc0cd73db35668ff1dcce03eb86ba944b97659c26308ba92f95658c

Red Hat Enterprise Linux for Power, big endian 5

SRPM
elinks-0.11.1-8.el5_9.src.rpm	SHA-256: 62023829fe1efac3194a8fb967a4cf763933fc53f0965375dc8e6cd259c58ac6
ppc
elinks-0.11.1-8.el5_9.ppc.rpm	SHA-256: ff2f9e53d86283f9e3b6c0bcc2845a01ecf020ac0006730f1a681e505948eae4
elinks-debuginfo-0.11.1-8.el5_9.ppc.rpm	SHA-256: 44a3f50b5d3e2f950f8f04eb949ddeebea15a38466fc9057c32a9fc17c80bc78

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.3

SRPM
elinks-0.12-0.21.pre5.el6_3.src.rpm	SHA-256: 0aff65823d2a6ad63891d11942612e9c128ae29d9d129057343777bdf8ad91c3
ppc64
elinks-0.12-0.21.pre5.el6_3.ppc64.rpm	SHA-256: 3eaee5351d0da08e3ee9bb4294c1fb73a440c2ae7cc2623822791fd19dc0729e
elinks-debuginfo-0.12-0.21.pre5.el6_3.ppc64.rpm	SHA-256: bd942ef09cc0cd73db35668ff1dcce03eb86ba944b97659c26308ba92f95658c

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.9

SRPM
elinks-0.11.1-8.el5_9.src.rpm	SHA-256: 62023829fe1efac3194a8fb967a4cf763933fc53f0965375dc8e6cd259c58ac6
ppc
elinks-0.11.1-8.el5_9.ppc.rpm	SHA-256: ff2f9e53d86283f9e3b6c0bcc2845a01ecf020ac0006730f1a681e505948eae4
elinks-debuginfo-0.11.1-8.el5_9.ppc.rpm	SHA-256: 44a3f50b5d3e2f950f8f04eb949ddeebea15a38466fc9057c32a9fc17c80bc78

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
elinks-0.12-0.21.pre5.el6_3.src.rpm	SHA-256: 0aff65823d2a6ad63891d11942612e9c128ae29d9d129057343777bdf8ad91c3
x86_64
elinks-0.12-0.21.pre5.el6_3.x86_64.rpm	SHA-256: 1a48d89768d68056af53c3c9023b0555a6723bb210eff308e3942f2fe5b0ab12
elinks-debuginfo-0.12-0.21.pre5.el6_3.x86_64.rpm	SHA-256: 574323587c141504316ac8f22228459c5eaf12ac70c38f7d54445384ac2dbd64

Red Hat Enterprise Linux Server from RHUI 6

SRPM
elinks-0.12-0.21.pre5.el6_3.src.rpm	SHA-256: 0aff65823d2a6ad63891d11942612e9c128ae29d9d129057343777bdf8ad91c3
x86_64
elinks-0.12-0.21.pre5.el6_3.x86_64.rpm	SHA-256: 1a48d89768d68056af53c3c9023b0555a6723bb210eff308e3942f2fe5b0ab12
elinks-debuginfo-0.12-0.21.pre5.el6_3.x86_64.rpm	SHA-256: 574323587c141504316ac8f22228459c5eaf12ac70c38f7d54445384ac2dbd64
i386
elinks-0.12-0.21.pre5.el6_3.i686.rpm	SHA-256: 133a8c89c5fb8625e525f7a0a9de0a793f78cf64c3680bcf9c00eff2867a3f95
elinks-debuginfo-0.12-0.21.pre5.el6_3.i686.rpm	SHA-256: 5843133cd79e9aea3f547c9c53a881d4692481671ccdf1af5db587b0b0351348

Red Hat Enterprise Linux Server from RHUI 5

SRPM
elinks-0.11.1-8.el5_9.src.rpm	SHA-256: 62023829fe1efac3194a8fb967a4cf763933fc53f0965375dc8e6cd259c58ac6
x86_64
elinks-0.11.1-8.el5_9.x86_64.rpm	SHA-256: f12c9f77bfbae7d57a972a09e48410cc0c1adb4da0ec522de7a014431cf2087d
elinks-debuginfo-0.11.1-8.el5_9.x86_64.rpm	SHA-256: 443593021808f9f08a1547fd3da2f0a24e2b8e2e9e479f3b37f74c6db97e3688
i386
elinks-0.11.1-8.el5_9.i386.rpm	SHA-256: 42302cbac6cbb3d8c311fe4dfcccd9605995c10d649635528b4b629399e301c9
elinks-debuginfo-0.11.1-8.el5_9.i386.rpm	SHA-256: 6464160d1761cb91840febd8acff73e8f53def68e3bcba75301dc6a50cdc8f01

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.3

SRPM
elinks-0.12-0.21.pre5.el6_3.src.rpm	SHA-256: 0aff65823d2a6ad63891d11942612e9c128ae29d9d129057343777bdf8ad91c3
x86_64
elinks-0.12-0.21.pre5.el6_3.x86_64.rpm	SHA-256: 1a48d89768d68056af53c3c9023b0555a6723bb210eff308e3942f2fe5b0ab12
elinks-debuginfo-0.12-0.21.pre5.el6_3.x86_64.rpm	SHA-256: 574323587c141504316ac8f22228459c5eaf12ac70c38f7d54445384ac2dbd64
i386
elinks-0.12-0.21.pre5.el6_3.i686.rpm	SHA-256: 133a8c89c5fb8625e525f7a0a9de0a793f78cf64c3680bcf9c00eff2867a3f95
elinks-debuginfo-0.12-0.21.pre5.el6_3.i686.rpm	SHA-256: 5843133cd79e9aea3f547c9c53a881d4692481671ccdf1af5db587b0b0351348

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.9

SRPM
elinks-0.11.1-8.el5_9.src.rpm	SHA-256: 62023829fe1efac3194a8fb967a4cf763933fc53f0965375dc8e6cd259c58ac6
x86_64
elinks-0.11.1-8.el5_9.x86_64.rpm	SHA-256: f12c9f77bfbae7d57a972a09e48410cc0c1adb4da0ec522de7a014431cf2087d
elinks-debuginfo-0.11.1-8.el5_9.x86_64.rpm	SHA-256: 443593021808f9f08a1547fd3da2f0a24e2b8e2e9e479f3b37f74c6db97e3688
i386
elinks-0.11.1-8.el5_9.i386.rpm	SHA-256: 42302cbac6cbb3d8c311fe4dfcccd9605995c10d649635528b4b629399e301c9
elinks-debuginfo-0.11.1-8.el5_9.i386.rpm	SHA-256: 6464160d1761cb91840febd8acff73e8f53def68e3bcba75301dc6a50cdc8f01

Red Hat Enterprise Linux Server - AUS 5.9

SRPM
elinks-0.11.1-8.el5_9.src.rpm	SHA-256: 62023829fe1efac3194a8fb967a4cf763933fc53f0965375dc8e6cd259c58ac6
x86_64
elinks-0.11.1-8.el5_9.x86_64.rpm	SHA-256: f12c9f77bfbae7d57a972a09e48410cc0c1adb4da0ec522de7a014431cf2087d
elinks-debuginfo-0.11.1-8.el5_9.x86_64.rpm	SHA-256: 443593021808f9f08a1547fd3da2f0a24e2b8e2e9e479f3b37f74c6db97e3688
ia64
elinks-0.11.1-8.el5_9.ia64.rpm	SHA-256: 90eb1ecdbce218d54a571b00673da1488a73f3829c25f3ff220ffbe07b89d9a9
elinks-debuginfo-0.11.1-8.el5_9.ia64.rpm	SHA-256: 038d6a3e1ce51d14db0d8de522b923410321a17733a450339c2245f67c0d4ef4
i386
elinks-0.11.1-8.el5_9.i386.rpm	SHA-256: 42302cbac6cbb3d8c311fe4dfcccd9605995c10d649635528b4b629399e301c9
elinks-debuginfo-0.11.1-8.el5_9.i386.rpm	SHA-256: 6464160d1761cb91840febd8acff73e8f53def68e3bcba75301dc6a50cdc8f01

Red Hat Enterprise Linux Workstation 5

SRPM
elinks-0.11.1-8.el5_9.src.rpm	SHA-256: 62023829fe1efac3194a8fb967a4cf763933fc53f0965375dc8e6cd259c58ac6
x86_64
elinks-0.11.1-8.el5_9.x86_64.rpm	SHA-256: f12c9f77bfbae7d57a972a09e48410cc0c1adb4da0ec522de7a014431cf2087d
elinks-debuginfo-0.11.1-8.el5_9.x86_64.rpm	SHA-256: 443593021808f9f08a1547fd3da2f0a24e2b8e2e9e479f3b37f74c6db97e3688
i386
elinks-0.11.1-8.el5_9.i386.rpm	SHA-256: 42302cbac6cbb3d8c311fe4dfcccd9605995c10d649635528b4b629399e301c9
elinks-debuginfo-0.11.1-8.el5_9.i386.rpm	SHA-256: 6464160d1761cb91840febd8acff73e8f53def68e3bcba75301dc6a50cdc8f01

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.