Bug 8543 - elinks new security issue CVE-2012-4545
: elinks new security issue CVE-2012-4545
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: i586 Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
:
: http://lwn.net/Vulnerabilities/530901/
: MGA2-64-OK MGA2-32-OK
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2012-12-29 03:26 CET by David Walser
Modified: 2012-12-31 23:29 CET (History)
3 users (show)

See Also:
Source RPM: elinks-0.12-1.mga1.src.rpm
CVE:


Attachments

Description David Walser 2012-12-29 03:26:03 CET
Debian has issued an advisory today (December 28):
http://www.debian.org/security/2012/dsa-2592

Patched package uploaded for Mageia 2 and Cauldron.

Patch also checked into Mageia 1 SVN.

Advisory:
========================

Updated elinks package fixes security vulnerability:

Marko Myllynen discovered that ELinks, a powerful text-mode browser,
incorrectly delegates user credentials during GSS-Negotiate (CVE-2012-4545).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4545
http://www.debian.org/security/2012/dsa-2592
========================

Updated packages in core/updates_testing:
========================
elinks-0.12-1.1.mga2

from elinks-0.12-1.1.mga2.src.rpm
Comment 1 Dave Hodgins 2012-12-30 19:53:47 CET
I've never heard of GSS-Negotiate before.  Found a description at
https://datatracker.ietf.org/doc/rfc4559/

There's no POC, that I can find.  For testing, just confirming simple
web pages are working.

Testing complete on Mageia 2 i586 and x86-64.

Could someone from the sysadmin team push the srpm
elinks-0.12-1.1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates.

Advisory: Updated elinks package fixes security vulnerability:

Marko Myllynen discovered that ELinks, a powerful text-mode browser,
incorrectly delegates user credentials during GSS-Negotiate (CVE-2012-4545).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4545
http://www.debian.org/security/2012/dsa-2592

https://bugs.mageia.org/show_bug.cgi?id=8543
Comment 2 Thomas Backlund 2012-12-31 23:29:22 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0373

Note You need to log in before you can comment on or make changes to this bug.