Mageia Bugzilla – Bug 8252
lynx new security issue CVE-2012-5821
Last modified: 2012-11-30 23:36:32 CET
Ubuntu has issued an advisory on November 29:
Updated package uploaded for Cauldron.
Patched package uploaded for Mageia 1 and Mageia 2.
Updated lynx package fixes security vulnerability:
Lynx does not verify that the server's certificate is signed by a trusted
certification authority, which allows man-in-the-middle attackers to spoof
SSL servers via a crafted certificate, related to improper use of a certain
GnuTLS function (CVE-2012-5821).
Updated packages in core/updates_testing:
No PoC so just checking lynx with https
Testing complete mga2 32 & 64
Tested with properly signed and self signed https
Testing complete mga1 32 & 64 same way
Advisory and srpms for mga1 & 2 in comment 0
Could sysadmin please push from core/updates_testing to core/updates