Red Hat Product Errata RHSA-2022:2129 - Security Advisory
Issued:
2022-05-10
Updated:
2022-05-10

RHSA-2022:2129 - Security Advisory

Synopsis

Moderate: lynx security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for lynx is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags.

Security Fix(es):

  • lynx: Disclosure of HTTP authentication credentials via SNI data (CVE-2021-38165)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64

Fixes

  • BZ - 1994998 - CVE-2021-38165 lynx: Disclosure of HTTP authentication credentials via SNI data

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
lynx-2.8.9-4.el8.src.rpm SHA-256: a280a8a717ad3112215b0e4562600fc6ab319ab7ee3a41f2083445add224cc7e
x86_64
lynx-2.8.9-4.el8.x86_64.rpm SHA-256: 4301bb0bc0d9a63564a746837eb2e9c9dcd8db0aeb0cb7b7da4c72172240e373
lynx-debuginfo-2.8.9-4.el8.x86_64.rpm SHA-256: a1b02626de5f8ad5f68c3be2e5805b608d2b9bae1f19fff39622c3fdfd2c93f9
lynx-debugsource-2.8.9-4.el8.x86_64.rpm SHA-256: 585ecd210a186bd23d4a41d374adeecaa7a5f1a6c499c6ba808827cfc7ab9c74

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
lynx-2.8.9-4.el8.src.rpm SHA-256: a280a8a717ad3112215b0e4562600fc6ab319ab7ee3a41f2083445add224cc7e
ppc64le
lynx-2.8.9-4.el8.ppc64le.rpm SHA-256: b166b270705d68151530d8cb86543b1aba83dd1cd1d2c0a76fe7dc726b090a44
lynx-debuginfo-2.8.9-4.el8.ppc64le.rpm SHA-256: 9e584300ee78cfbd2e61639b73c7e2697209924be8953bd89b3198aa8fffd0ab
lynx-debugsource-2.8.9-4.el8.ppc64le.rpm SHA-256: 9e0124f0d6d919f4b64a8b96f2f16cdec211b6e2df394b2bd5063bf60aea5e05

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
lynx-2.8.9-4.el8.src.rpm SHA-256: a280a8a717ad3112215b0e4562600fc6ab319ab7ee3a41f2083445add224cc7e
aarch64
lynx-2.8.9-4.el8.aarch64.rpm SHA-256: 0056a7903890ae0ed609255c41360b1766f9f51ebebc2ba10545599018b62c10
lynx-debuginfo-2.8.9-4.el8.aarch64.rpm SHA-256: 8ccf81b8ad77272309b82623b5b2ede003ea32a6958dceb7b2cfc944fac58a8f
lynx-debugsource-2.8.9-4.el8.aarch64.rpm SHA-256: 4c5ab59c8b9d42bd811bd150cd709072966ac0c6879b7371a832f8417dec82d1

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
lynx-2.8.9-4.el8.src.rpm SHA-256: a280a8a717ad3112215b0e4562600fc6ab319ab7ee3a41f2083445add224cc7e
s390x
lynx-2.8.9-4.el8.s390x.rpm SHA-256: 3475b6eb493a4d27f3f740a49febab877dead7156281d42772ee92d87b62046b
lynx-debuginfo-2.8.9-4.el8.s390x.rpm SHA-256: bad647484405ac28c20338b807f52c671e6d05357266528fd429f1fa08c457c3
lynx-debugsource-2.8.9-4.el8.s390x.rpm SHA-256: c8e28394f24ceed736667eb13a77134bc418b918e63fb7f3fe4ba612303a9e5e

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8

SRPM
lynx-2.8.9-4.el8.src.rpm SHA-256: a280a8a717ad3112215b0e4562600fc6ab319ab7ee3a41f2083445add224cc7e
x86_64
lynx-2.8.9-4.el8.x86_64.rpm SHA-256: 4301bb0bc0d9a63564a746837eb2e9c9dcd8db0aeb0cb7b7da4c72172240e373
lynx-debuginfo-2.8.9-4.el8.x86_64.rpm SHA-256: a1b02626de5f8ad5f68c3be2e5805b608d2b9bae1f19fff39622c3fdfd2c93f9
lynx-debugsource-2.8.9-4.el8.x86_64.rpm SHA-256: 585ecd210a186bd23d4a41d374adeecaa7a5f1a6c499c6ba808827cfc7ab9c74

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6

SRPM
lynx-2.8.9-4.el8.src.rpm SHA-256: a280a8a717ad3112215b0e4562600fc6ab319ab7ee3a41f2083445add224cc7e
x86_64
lynx-2.8.9-4.el8.x86_64.rpm SHA-256: 4301bb0bc0d9a63564a746837eb2e9c9dcd8db0aeb0cb7b7da4c72172240e373
lynx-debuginfo-2.8.9-4.el8.x86_64.rpm SHA-256: a1b02626de5f8ad5f68c3be2e5805b608d2b9bae1f19fff39622c3fdfd2c93f9
lynx-debugsource-2.8.9-4.el8.x86_64.rpm SHA-256: 585ecd210a186bd23d4a41d374adeecaa7a5f1a6c499c6ba808827cfc7ab9c74

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8

SRPM
lynx-2.8.9-4.el8.src.rpm SHA-256: a280a8a717ad3112215b0e4562600fc6ab319ab7ee3a41f2083445add224cc7e
ppc64le
lynx-2.8.9-4.el8.ppc64le.rpm SHA-256: b166b270705d68151530d8cb86543b1aba83dd1cd1d2c0a76fe7dc726b090a44
lynx-debuginfo-2.8.9-4.el8.ppc64le.rpm SHA-256: 9e584300ee78cfbd2e61639b73c7e2697209924be8953bd89b3198aa8fffd0ab
lynx-debugsource-2.8.9-4.el8.ppc64le.rpm SHA-256: 9e0124f0d6d919f4b64a8b96f2f16cdec211b6e2df394b2bd5063bf60aea5e05

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6

SRPM
lynx-2.8.9-4.el8.src.rpm SHA-256: a280a8a717ad3112215b0e4562600fc6ab319ab7ee3a41f2083445add224cc7e
ppc64le
lynx-2.8.9-4.el8.ppc64le.rpm SHA-256: b166b270705d68151530d8cb86543b1aba83dd1cd1d2c0a76fe7dc726b090a44
lynx-debuginfo-2.8.9-4.el8.ppc64le.rpm SHA-256: 9e584300ee78cfbd2e61639b73c7e2697209924be8953bd89b3198aa8fffd0ab
lynx-debugsource-2.8.9-4.el8.ppc64le.rpm SHA-256: 9e0124f0d6d919f4b64a8b96f2f16cdec211b6e2df394b2bd5063bf60aea5e05

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.8

SRPM
lynx-2.8.9-4.el8.src.rpm SHA-256: a280a8a717ad3112215b0e4562600fc6ab319ab7ee3a41f2083445add224cc7e
s390x
lynx-2.8.9-4.el8.s390x.rpm SHA-256: 3475b6eb493a4d27f3f740a49febab877dead7156281d42772ee92d87b62046b
lynx-debuginfo-2.8.9-4.el8.s390x.rpm SHA-256: bad647484405ac28c20338b807f52c671e6d05357266528fd429f1fa08c457c3
lynx-debugsource-2.8.9-4.el8.s390x.rpm SHA-256: c8e28394f24ceed736667eb13a77134bc418b918e63fb7f3fe4ba612303a9e5e

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6

SRPM
lynx-2.8.9-4.el8.src.rpm SHA-256: a280a8a717ad3112215b0e4562600fc6ab319ab7ee3a41f2083445add224cc7e
s390x
lynx-2.8.9-4.el8.s390x.rpm SHA-256: 3475b6eb493a4d27f3f740a49febab877dead7156281d42772ee92d87b62046b
lynx-debuginfo-2.8.9-4.el8.s390x.rpm SHA-256: bad647484405ac28c20338b807f52c671e6d05357266528fd429f1fa08c457c3
lynx-debugsource-2.8.9-4.el8.s390x.rpm SHA-256: c8e28394f24ceed736667eb13a77134bc418b918e63fb7f3fe4ba612303a9e5e

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8

SRPM
lynx-2.8.9-4.el8.src.rpm SHA-256: a280a8a717ad3112215b0e4562600fc6ab319ab7ee3a41f2083445add224cc7e
aarch64
lynx-2.8.9-4.el8.aarch64.rpm SHA-256: 0056a7903890ae0ed609255c41360b1766f9f51ebebc2ba10545599018b62c10
lynx-debuginfo-2.8.9-4.el8.aarch64.rpm SHA-256: 8ccf81b8ad77272309b82623b5b2ede003ea32a6958dceb7b2cfc944fac58a8f
lynx-debugsource-2.8.9-4.el8.aarch64.rpm SHA-256: 4c5ab59c8b9d42bd811bd150cd709072966ac0c6879b7371a832f8417dec82d1

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6

SRPM
lynx-2.8.9-4.el8.src.rpm SHA-256: a280a8a717ad3112215b0e4562600fc6ab319ab7ee3a41f2083445add224cc7e
aarch64
lynx-2.8.9-4.el8.aarch64.rpm SHA-256: 0056a7903890ae0ed609255c41360b1766f9f51ebebc2ba10545599018b62c10
lynx-debuginfo-2.8.9-4.el8.aarch64.rpm SHA-256: 8ccf81b8ad77272309b82623b5b2ede003ea32a6958dceb7b2cfc944fac58a8f
lynx-debugsource-2.8.9-4.el8.aarch64.rpm SHA-256: 4c5ab59c8b9d42bd811bd150cd709072966ac0c6879b7371a832f8417dec82d1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.