Bug 11855

Summary: links new security issue CVE-2013-6050
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, oe, sysadmin-bugs, tmb
Version: 3Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/575349/
Whiteboard: advisory MGA3-64-OK MGA3-32-OK
Source RPM: links-2.7-4.mga3.src.rpm CVE:
Status comment:

Description David Walser 2013-12-02 17:32:37 CET 
Debian has issued an advisory on November 30:
http://www.debian.org/security/2013/dsa-2807

The issue was fixed upstream in 2.8, which we have in Cauldron.

Patched package uploaded for Mageia 3.

As the Debian advisory suggests, only the links-graphic subpackage is affected.

Advisory:
========================

Updated links packages fix security vulnerability:

Mikulas Patocka discovered an integer overflow in the parsing of HTML tables
in the Links web browser. This can only be exploited when running Links in
graphical mode (CVE-2013-6050).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6050
http://www.debian.org/security/2013/dsa-2807
========================

Updated packages in core/updates_testing:
========================
links-2.7-4.1.mga3
links-graphic-2.7-4.1.mga3
links-common-2.7-4.1.mga3

from links-2.7-4.1.mga3.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 Dave Hodgins 2013-12-02 20:35:07 CET 
Advisory 11855.adv committed to svn.

CC: (none) => davidwhodgins
Whiteboard: (none) => advisory

Comment 2 Dave Hodgins 2013-12-02 20:54:32 CET 
Testing complete on Mageia 3 i586 and x86_64.

Someone from the sysadmin team please push 11855.adv to updates.

Keywords: (none) => validated_update
Whiteboard: advisory => advisory MGA3-64-OK MGA3-32-OK
CC: (none) => sysadmin-bugs

Comment 3 Thomas Backlund 2013-12-06 23:04:34 CET 
Update pusned:
http://advisories.mageia.org/MGASA-2013-0364.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Comment 4 Oden Eriksson 2013-12-17 15:01:23 CET 
links-hacked-0.0.031220-35.mga3.src.rpm is unaffected?

CC: (none) => oe

Comment 5 David Walser 2013-12-17 16:38:54 CET 
(In reply to Oden Eriksson from comment #4)
> links-hacked-0.0.031220-35.mga3.src.rpm is unaffected?

I have no idea.  The upstream website looks like it hasn't been updated in years, you can't get a directory listing of the upstream downloads directory, or anything else with a listing of versions, the source tarball has no URL.  I'm not a big fan of packaging strange forks like this.  There's also elinks...