Advisories » MGASA-2017-0052

Updated lynx packages fix security vulnerability

Publication date: 20 Feb 2017
Modification date: 20 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9179

Description

Lynx doesn't parse the authority component of the URL correctly when the
host name part ends with '?', and could instead be tricked into connecting
to a different host. (CVE-2016-9179)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19714
• http://openwall.com/lists/oss-security/2016/11/04/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9179

SRPMS

5/core

• lynx-2.8.8-1.rel2.3.1.mga5