MDVSA-2008:218 -- Mandriva lynx
|ID: oval:org.secpod.oval:def:301478||Date: (C)2012-01-07 (M)2018-06-02|
|Class: PATCH||Family: unix|
A vulnerability was found in the Lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode . This update corrects these issues and, in addition, makes Lynx always prompt the user before loading a lynxcgi: URI. As well, the default lynx.cfg configuration file marks all lynxcgi: URIs as untrusted.
|Mandriva Linux 2009.0|
|Mandriva Linux 2008.1|
|Mandriva Linux 2008.0|