MDVSA-2008:218 -- Mandriva lynxID: oval:org.secpod.oval:def:301478 | Date: (C)2012-01-07 (M)2021-07-09 |
Class: PATCH | Family: unix |
A vulnerability was found in the Lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode . This update corrects these issues and, in addition, makes Lynx always prompt the user before loading a lynxcgi: URI. As well, the default lynx.cfg configuration file marks all lynxcgi: URIs as untrusted.
Platform: |
Mandriva Linux 2009.0 |
Mandriva Linux 2008.1 |
Mandriva Linux 2008.0 |