Ubuntu has issued an advisory on November 29: http://www.ubuntu.com/usn/usn-1642-1/ Updated package uploaded for Cauldron. Patched package uploaded for Mageia 1 and Mageia 2. Advisory: ======================== Updated lynx package fixes security vulnerability: Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function (CVE-2012-5821). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5821 http://www.ubuntu.com/usn/usn-1642-1/ ======================== Updated packages in core/updates_testing: ======================== lynx-2.8.7-4.1.mga1 lynx-2.8.7-4.1.mga2 from SRPMS: lynx-2.8.7-4.1.mga1.src.rpm lynx-2.8.7-4.1.mga2.src.rpm
Whiteboard: (none) => MGA1TOO
No PoC so just checking lynx with https
Testing complete mga2 32 & 64 Tested with properly signed and self signed https
Whiteboard: MGA1TOO => MGA1TOO mga2-32-OK mga2-64-OK
Testing complete mga1 32 & 64 same way Validating Advisory and srpms for mga1 & 2 in comment 0 Could sysadmin please push from core/updates_testing to core/updates Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA1TOO mga2-32-OK mga2-64-OK => MGA1TOO mga2-32-OK mga2-64-OK mga1-32-OK mga1-64-OK
URL: (none) => http://lwn.net/Vulnerabilities/527723/
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0351
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED