DSA 1076-1: New lynx packages fix denial of service
Posted on: 05/26/2006 04:12 PM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1076-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
May 26th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : lynx
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2004-1617
BugTraq ID : 11443
Debian Bug : 296340

Michal Zalewski discovered that lynx, the popular text-mode WWW
Browser, is not able to grok invalid HTML including a TEXTAREA tag
with a large COLS value and a large tag name in an element that is not
terminated, and loops forever trying to render the broken HTML.

For the old stable distribution (woody) this problem has been fixed in
version 2.8.4.1b-3.4.

For the stable distribution (sarge) this problem has been fixed in
version 2.8.5-2sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 2.8.5-2sarge2.

We recommend that you upgrade your lynx package.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4.dsc
Size/MD5 checksum: 581 a9853909c61c5ef2fcc8868599f9b875
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4.diff.gz
Size/MD5 checksum: 16334 74bce8912c28f979c33055a012cf29d6
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b.orig.tar.gz
Size/MD5 checksum: 2557510 053a10f76b871e3944c11c7776da7f7a

Alpha architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_alpha.deb
Size/MD5 checksum: 1610344 3e1ec04a0c6532506519e8051a0067b6

ARM architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_arm.deb
Size/MD5 checksum: 1487906 a06ad20f4d8a0ce1cc0d59a0dfa24e9b

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_i386.deb
Size/MD5 checksum: 1444914 cb6449afd1e3029d06606bf823e0f064

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_ia64.deb
Size/MD5 checksum: 1762966 cb0b05d5cb148372fd2cd3d2e99843cc

HP Precision architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_hppa.deb
Size/MD5 checksum: 1555454 79392b2914654a7d4519247d9584e816

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_m68k.deb
Size/MD5 checksum: 1405980 1df4dff2fc4191ee512811e0ac42c361

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_mips.deb
Size/MD5 checksum: 1508022 d5b58fc5611b1ea1d37bc5a1034478f1

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_mipsel.deb
Size/MD5 checksum: 1504120 1078ef11583d9664fecd2d9d5712ecad

PowerPC architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_powerpc.deb
Size/MD5 checksum: 1491256 2967d2f0c3a722b4b42a2b06510aabcc

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_s390.deb
Size/MD5 checksum: 1463536 5a5692d6d572ef301d052e7e8c62d004

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_sparc.deb
Size/MD5 checksum: 1492926 6bb21df62a773736a1f694cedacea3de


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2.dsc
Size/MD5 checksum: 616 241c00a777c333b7270d8dbdaa4ad210
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2.diff.gz
Size/MD5 checksum: 17357 22b394977569bbeda207bfb5bcb42175
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5.orig.tar.gz
Size/MD5 checksum: 2984352 5f516a10596bd52c677f9bfd9579bc28

Alpha architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_alpha.deb
Size/MD5 checksum: 1994618 4a23d6234470f59a47100bcd13d18a51

AMD64 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_amd64.deb
Size/MD5 checksum: 1881876 046312043fffdbcf5ad218074e21e119

ARM architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_arm.deb
Size/MD5 checksum: 1853176 0d33e5835a479accab8c3282cdc19c14

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_i386.deb
Size/MD5 checksum: 1854894 1e525c61aac1e0fac0ddad4d9e15d8f6

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_ia64.deb
Size/MD5 checksum: 2128572 78bfa4c383e41d352b67595da80904c9

HP Precision architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_hppa.deb
Size/MD5 checksum: 1909746 371fb69c98ff2e510861ba210ec11bda

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_m68k.deb
Size/MD5 checksum: 1780836 bdf8b0d6a711cf21202ef86189cfb8bf

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_mips.deb
Size/MD5 checksum: 1894118 9be5baba4f5e3f99b618553c4252b289

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_mipsel.deb
Size/MD5 checksum: 1889604 11840739365387bb4741099f9310c77c

PowerPC architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_powerpc.deb
Size/MD5 checksum: 1878302 4885a52c8ad1992335f5c9f87ef522cf

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_s390.deb
Size/MD5 checksum: 1866982 8125a8d85817c29d3984fdb2d2ac4df6

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_sparc.deb
Size/MD5 checksum: 1861484 407b283a4c8656a0ef1a5935780c8204


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEdwhJW5ql+IAeqTIRAr+IAJ9Qn7H5oFJJYyZuN8oaxgUXsZAy+ACgjRn7
aWMRPJtnJ5Xf2D5V0OuRTic=
=n7+V
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1076_1_new_lynx_packages_fix_denial_of_service.html)