Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: Lynx user? Upgrade it! SANS ISC InfoSec Forums

Special Webcast: What you need to know about the crypt32.dll vulnerability. Register Now

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Lynx user? Upgrade it!
If you are a lynx user, prepare yourself to upgrade it.
According to an advisory from iDefense, there is a Command Injection Vulnerability on it, that "could allow attackers to execute arbitrary commands with the privileges of the underlying user.".

Some patch links:

Development version 2.8.6dev.15 has been released to address this issue
and is available from the following URLs:

 http://lynx.isc.org/current/lynx2.8.6dev.15.tar.Z
 http://lynx.isc.org/current/lynx2.8.6dev.15.tar.bz2
 http://lynx.isc.org/current/lynx2.8.6dev.15.tar.gz
 http://lynx.isc.org/current/lynx2.8.6dev.15.zip

Alternately, an incremental patch is available at:
 http://lynx.isc.org/current/2.8.6dev.15.patch.gz

-------------------------------------------------------------------
Handler on Duty: Pedro Bueno (pbueno //%%// isc. sans. org)
Pedro

155 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!