| Summary: | elinks new security issue CVE-2012-4545 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/530901/ | ||
| Whiteboard: | MGA2-64-OK MGA2-32-OK | ||
| Source RPM: | elinks-0.12-1.mga1.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2012-12-29 03:26:03 CET
I've never heard of GSS-Negotiate before. Found a description at https://datatracker.ietf.org/doc/rfc4559/ There's no POC, that I can find. For testing, just confirming simple web pages are working. Testing complete on Mageia 2 i586 and x86-64. Could someone from the sysadmin team push the srpm elinks-0.12-1.1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates. Advisory: Updated elinks package fixes security vulnerability: Marko Myllynen discovered that ELinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate (CVE-2012-4545). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4545 http://www.debian.org/security/2012/dsa-2592 https://bugs.mageia.org/show_bug.cgi?id=8543 Keywords:
(none) =>
validated_update Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0373 Status:
NEW =>
RESOLVED |