Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2008-0965)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.122547

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2008-0965)

Resumen: The remote host is missing an update for the 'lynx' package(s) announced via the ELSA-2008-0965 advisory.

Descripción: Summary:
The remote host is missing an update for the 'lynx' package(s) announced via the ELSA-2008-0965 advisory.

Vulnerability Insight:
[2.8.5-28.1.1]
- add patch for CVE-2008-4690 (rhbz#468184)
- prompt user before executing commands from the lynxcgi: handler,
even in the advanced user mode
- mark all lynxcgi: URIs as untrusted in the default lynx.cfg
- add patch to prevent lynx from opening configuration files in the
current working directory (CVE to be assigned) (rhbz#214205)

Affected Software/OS:
'lynx' package(s) on Oracle Linux 3, Oracle Linux 4, Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-7234
1021107
http://www.securitytracker.com/id?1021107
31917
http://www.securityfocus.com/bid/31917
32407
http://secunia.com/advisories/32407
32416
http://secunia.com/advisories/32416
33568
http://secunia.com/advisories/33568
MDVSA-2008:217
http://www.mandriva.com/security/advisories?name=MDVSA-2008:217
RHSA-2008:0965
http://www.redhat.com/support/errata/RHSA-2008-0965.html
SUSE-SR:2009:002
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
[oss-security] 20081025 CVE request: lynx (old) .mailcap handling flaw
http://www.openwall.com/lists/oss-security/2008/10/25/3
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396949
https://bugzilla.redhat.com/show_bug.cgi?id=214205
lynx-mailcap-mimetype-code-execution(46132)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46132
oval:org.mitre.oval:def:9719
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9719
Common Vulnerability Exposure (CVE) ID: CVE-2008-4690
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00066.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00143.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:218
http://www.openwall.com/lists/oss-security/2008/10/09/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11204
http://www.securitytracker.com/id?1021105
http://secunia.com/advisories/32967
SuSE Security Announcement: SUSE-SR:2009:002 (Google Search)
XForce ISS Database: lynx-lynxcgi-code-execution(46228)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46228

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.122547
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2008-0965)
Resumen:	The remote host is missing an update for the 'lynx' package(s) announced via the ELSA-2008-0965 advisory.
Descripción:	Summary: The remote host is missing an update for the 'lynx' package(s) announced via the ELSA-2008-0965 advisory. Vulnerability Insight: [2.8.5-28.1.1] - add patch for CVE-2008-4690 (rhbz#468184) - prompt user before executing commands from the lynxcgi: handler, even in the advanced user mode - mark all lynxcgi: URIs as untrusted in the default lynx.cfg - add patch to prevent lynx from opening configuration files in the current working directory (CVE to be assigned) (rhbz#214205) Affected Software/OS: 'lynx' package(s) on Oracle Linux 3, Oracle Linux 4, Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-7234 1021107 http://www.securitytracker.com/id?1021107 31917 http://www.securityfocus.com/bid/31917 32407 http://secunia.com/advisories/32407 32416 http://secunia.com/advisories/32416 33568 http://secunia.com/advisories/33568 MDVSA-2008:217 http://www.mandriva.com/security/advisories?name=MDVSA-2008:217 RHSA-2008:0965 http://www.redhat.com/support/errata/RHSA-2008-0965.html SUSE-SR:2009:002 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html [oss-security] 20081025 CVE request: lynx (old) .mailcap handling flaw http://www.openwall.com/lists/oss-security/2008/10/25/3 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396949 https://bugzilla.redhat.com/show_bug.cgi?id=214205 lynx-mailcap-mimetype-code-execution(46132) https://exchange.xforce.ibmcloud.com/vulnerabilities/46132 oval:org.mitre.oval:def:9719 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9719 Common Vulnerability Exposure (CVE) ID: CVE-2008-4690 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00066.html https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00143.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:218 http://www.openwall.com/lists/oss-security/2008/10/09/2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11204 http://www.securitytracker.com/id?1021105 http://secunia.com/advisories/32967 SuSE Security Announcement: SUSE-SR:2009:002 (Google Search) XForce ISS Database: lynx-lynxcgi-code-execution(46228) https://exchange.xforce.ibmcloud.com/vulnerabilities/46228
Copyright	Copyright (C) 2015 Greenbone AG