
ELSA-2013-0250 -- Oracle elinks

ID: oval:org.secpod.oval:def:1500041
Date: (C)2013-03-20   (M)2023-12-07
Class: PATCH
Family: unix




An updated elinks package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

ELinks is a text-based web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags.

It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI.

This issue was discovered by Marko Myllynen of Red Hat.

All ELinks users are advised to upgrade to this updated package, which contains a backported patch to resolve the issue.

Platform:
Oracle Linux 6
Product:
elinks
Reference:
ELSA-2013-0250
CVE-2012-4545
CVE    1
CVE-2012-4545
CPE    7
cpe:/a:elinks:elinks:0.12:pre1
cpe:/a:elinks:elinks:0.12:pre4
cpe:/a:elinks:elinks:0.12:pre5
cpe:/a:elinks:elinks:0.12:pre2
...

© SecPod Technologies