|
Family: Debian Local Security Checks --> Category: infos
[DSA1077] DSA-1077-1 lynx-ssl Vulnerability Scan
Vulnerability Scan Summary DSA-1077-1 lynx-ssl
Detailed Explanation for this Vulnerability Test
Michal Zalewski discovered that lynx, the popular text-mode WWW
Browser, is not able to grok invalid HTML including a TEXTAREA tag
with a large COLS value and a large tag name in an element that is not
terminated, and loops forever trying to render the broken HTML. The
same code is present in lynx-ssl.
For the old stable distribution (woody) this problem has been fixed in
version 2.8.4.1b-3.3.
The stable distribution (sarge) does not contain lynx-ssl packages
anymore.
The unstable distribution (sid) does not contain lynx-ssl packages
anymore.
We recommend that you upgrade your lynx-ssl package.
Solution : http://www.debian.org/security/2006/dsa-1077
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|