FrSIRT - Fedora Security Update Fixes Lynx Remote Buffer Overflow Vulnerability / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Lynx Remote Buffer Overflow Vulnerability

Title : Fedora Security Update Fixes Lynx Remote Buffer Overflow Vulnerability
Advisory ID : FrSIRT/ADV-2005-2124
CVE ID : CVE-2005-3120
Rated as : Critical

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-10-18

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Fedora has released updated packages to correct a vulnerability identified in Lynx [...]

Solution

Upgrade the affected package :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

fdbaaff433cb649b3885b831cfe9d538 SRPMS/lynx-2.8.5-18.0.1.src.rpm
2335e89d1ed378a38a12dcb9402f3cec x86_64/lynx-2.8.5-18.0.1.x86_64.rpm
5b7385421cadb7094250ea302a08ab24 x86_64/debug/lynx-debuginfo-2.8.5-18.0.1.x86_64.rpm
632c6928877f4e7c1922d06c79a3444f i386/lynx-2.8.5-18.0.1.i386.rpm
4d1d7a88b9782979c697e95dd4fc8386 i386/debug/lynx-debuginfo-2.8.5-18.0.1.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

0aff3f237d549faf4761df85fa7b5292 SRPMS/lynx-2.8.5-23.1.src.rpm
f35975eed95b9d3f54c04acbbc3ccde8 ppc/lynx-2.8.5-23.1.ppc.rpm
efdd58234b1ad7d5aa4cc74b92b3cd19 ppc/debug/lynx-debuginfo-2.8.5-23.1.ppc.rpm
491d61c1e642df2d97eeb68089875521 x86_64/lynx-2.8.5-23.1.x86_64.rpm
d5430134a3f81dd79c58467385f0ab1d x86_64/debug/lynx-debuginfo-2.8.5-23.1.x86_64.rpm
00b31da69c3edb8fe480f0017013386d i386/lynx-2.8.5-23.1.i386.rpm
d89bc8b6a3f3f8d74416b57a08d214f5 i386/debug/lynx-debuginfo-2.8.5-23.1.i386.rpm

ChangeLog

2005-10-18 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Sun Logical Domain Manager Local Privilege Escalation Vulnerability
	Sun StarOffice/StarSuite EMF Handling Buffer Overflow Vulnerability
	Sun Java Messaging Server Cross Site Scripting Vulnerability
	Sun Solaris IP Filter NAT Service DNS Cache Poisoning Vulnerability
	Sun Java System Identity Manager Security Bypass Vulnerabilities
	Sun Solaris DHCP Buffer Overflow and Denial of Service
	Sun Solstice X.25 "/dev/xty" Local Denial of Service Vulnerability

	IBM AIX Sendmail Header Lines Denial of Service Vulnerability
	IBM Metrica Multiple Parameter Cross Site Scripting Vulnerabilities
	IBM Lotus Quickr Unspecified Cross Site Scripting Vulnerabilities
	IBM Hardware Management Console Denial of Service Vulnerability
	IBM Tivoli Storage Manager Client Buffer Overflow Vulnerability
	IBM DB2 Denial of Service and Information Disclosure Vulnerabilities
	IBM Lotus Quickr Denial of Service and Security Bypass Vulnerabilities

	Oracle and BEA Products Multiple Code Execution Vulnerabilities
	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities