Red Hat 9038 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: elinks security update
Advisory ID: RHSA-2007:0933-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0933.html
Issue date: 2007-10-03
Updated on: 2007-10-03
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-5034
- ---------------------------------------------------------------------

1. Summary:

An updated ELinks package that corrects a security vulnerability is now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

ELinks is a text mode Web browser used from the command line that supports
rendering modern web pages.

An information disclosure flaw was found in the way ELinks passes https
POST data to a proxy server. POST data sent via a proxy to an https site is
not properly encrypted by ELinks, possibly allowing the disclosure of
sensitive information. (CVE-2007-5034)

All users of Elinks are advised to upgrade to this updated package, which
contains a backported patch that resolves this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

297611 - CVE-2007-5034 elinks reveals POST data to HTTPS proxy

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/elinks-0.9.2-3.3.5.2.src.rpm
f04cc8143e0eeb2479926cfdd47517bc elinks-0.9.2-3.3.5.2.src.rpm

i386:
740855a258e36afc4bd02b2dc939f6d0 elinks-0.9.2-3.3.5.2.i386.rpm
317ad4c79abc3d4568fee5e2c9ac4569 elinks-debuginfo-0.9.2-3.3.5.2.i386.rpm

ia64:
d27d29fc20f082fd5c4e3d16a1f1b96f elinks-0.9.2-3.3.5.2.ia64.rpm
b8cc871fe0778f6f53c99d4286ecc974 elinks-debuginfo-0.9.2-3.3.5.2.ia64.rpm

ppc:
2901b97c6ad3dd7fae25a44348b82812 elinks-0.9.2-3.3.5.2.ppc.rpm
7a16ed80746799f184ca44be4a096bb5 elinks-debuginfo-0.9.2-3.3.5.2.ppc.rpm

s390:
1d225484d90ff04080c3d570dd54e8d5 elinks-0.9.2-3.3.5.2.s390.rpm
4e84ed71e7c0f40106d6aeb254615c08 elinks-debuginfo-0.9.2-3.3.5.2.s390.rpm

s390x:
f9d32215514a0c003d315cb8a22305bc elinks-0.9.2-3.3.5.2.s390x.rpm
bb7f869803f4066e57cd65438016ec72 elinks-debuginfo-0.9.2-3.3.5.2.s390x.rpm

x86_64:
ca4941f6358b9b351285bb7268ee368c elinks-0.9.2-3.3.5.2.x86_64.rpm
947a60d3793dd1769afba31fe0598b49 elinks-debuginfo-0.9.2-3.3.5.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/elinks-0.9.2-3.3.5.2.src.rpm
f04cc8143e0eeb2479926cfdd47517bc elinks-0.9.2-3.3.5.2.src.rpm

i386:
740855a258e36afc4bd02b2dc939f6d0 elinks-0.9.2-3.3.5.2.i386.rpm
317ad4c79abc3d4568fee5e2c9ac4569 elinks-debuginfo-0.9.2-3.3.5.2.i386.rpm

x86_64:
ca4941f6358b9b351285bb7268ee368c elinks-0.9.2-3.3.5.2.x86_64.rpm
947a60d3793dd1769afba31fe0598b49 elinks-debuginfo-0.9.2-3.3.5.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/elinks-0.9.2-3.3.5.2.src.rpm
f04cc8143e0eeb2479926cfdd47517bc elinks-0.9.2-3.3.5.2.src.rpm

i386:
740855a258e36afc4bd02b2dc939f6d0 elinks-0.9.2-3.3.5.2.i386.rpm
317ad4c79abc3d4568fee5e2c9ac4569 elinks-debuginfo-0.9.2-3.3.5.2.i386.rpm

ia64:
d27d29fc20f082fd5c4e3d16a1f1b96f elinks-0.9.2-3.3.5.2.ia64.rpm
b8cc871fe0778f6f53c99d4286ecc974 elinks-debuginfo-0.9.2-3.3.5.2.ia64.rpm

x86_64:
ca4941f6358b9b351285bb7268ee368c elinks-0.9.2-3.3.5.2.x86_64.rpm
947a60d3793dd1769afba31fe0598b49 elinks-debuginfo-0.9.2-3.3.5.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/elinks-0.9.2-3.3.5.2.src.rpm
f04cc8143e0eeb2479926cfdd47517bc elinks-0.9.2-3.3.5.2.src.rpm

i386:
740855a258e36afc4bd02b2dc939f6d0 elinks-0.9.2-3.3.5.2.i386.rpm
317ad4c79abc3d4568fee5e2c9ac4569 elinks-debuginfo-0.9.2-3.3.5.2.i386.rpm

ia64:
d27d29fc20f082fd5c4e3d16a1f1b96f elinks-0.9.2-3.3.5.2.ia64.rpm
b8cc871fe0778f6f53c99d4286ecc974 elinks-debuginfo-0.9.2-3.3.5.2.ia64.rpm

x86_64:
ca4941f6358b9b351285bb7268ee368c elinks-0.9.2-3.3.5.2.x86_64.rpm
947a60d3793dd1769afba31fe0598b49 elinks-debuginfo-0.9.2-3.3.5.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/elinks-0.11.1-5.1.0.1.el5.src.rpm
df97aa87a94550dd9c6b8b3ab4e6f717 elinks-0.11.1-5.1.0.1.el5.src.rpm

i386:
7b4b7287bc524c45dc55a702ea6243ea elinks-0.11.1-5.1.0.1.el5.i386.rpm
073d91f669aacc7a121c82c3437ddeff elinks-debuginfo-0.11.1-5.1.0.1.el5.i386.rpm

x86_64:
5cd0b473ae6d27f879f48aa2085e6380 elinks-0.11.1-5.1.0.1.el5.x86_64.rpm
536aff78098fdccca9afc5a2b2b43bf5 elinks-debuginfo-0.11.1-5.1.0.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/elinks-0.11.1-5.1.0.1.el5.src.rpm
df97aa87a94550dd9c6b8b3ab4e6f717 elinks-0.11.1-5.1.0.1.el5.src.rpm

i386:
7b4b7287bc524c45dc55a702ea6243ea elinks-0.11.1-5.1.0.1.el5.i386.rpm
073d91f669aacc7a121c82c3437ddeff elinks-debuginfo-0.11.1-5.1.0.1.el5.i386.rpm

ia64:
7bc784e2951af8725c9876a28c942c5d elinks-0.11.1-5.1.0.1.el5.ia64.rpm
15bf78d4bab60a721c2dd815522cd34c elinks-debuginfo-0.11.1-5.1.0.1.el5.ia64.rpm

ppc:
04978852cf223ad9d338eea7e4fffe07 elinks-0.11.1-5.1.0.1.el5.ppc.rpm
b085052c86f584b8a7f3dcfb01a490f8 elinks-debuginfo-0.11.1-5.1.0.1.el5.ppc.rpm

s390x:
32cce00b9e70804720d80e5c2dd80960 elinks-0.11.1-5.1.0.1.el5.s390x.rpm
987063ebff12a8d7358d854f671388a3 elinks-debuginfo-0.11.1-5.1.0.1.el5.s390x.rpm

x86_64:
5cd0b473ae6d27f879f48aa2085e6380 elinks-0.11.1-5.1.0.1.el5.x86_64.rpm
536aff78098fdccca9afc5a2b2b43bf5 elinks-debuginfo-0.11.1-5.1.0.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5034
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHA7pqXlSAg2UNWIIRAqU+AKCaV1t53hJ9xjc26607pniXoIEr2ACfXKhv
oGS7xQLedqabAGZlQtgeH1I=
=8v5x
-----END PGP SIGNATURE-----