ALT-PU-2024-15074-1
Package lynx updated to version 2.9.2-alt1.rel.0 for branch sisyphus_loongarch64.
Closed vulnerabilities
Published: 2021-08-06
BDU:2022-00255
Уязвимость подкомпонента userinfo текстового веб-браузера Lynx, связанная с недостаточной защитой регистрационных данных, позволяющая нарушителю получить доступ к конфиденциальным данным
Severity: MEDIUM (5.3)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
References:
Published: 2021-08-07
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-38165
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
Severity: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
References:
- [oss-security] 20210807 Re: Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
- [oss-security] 20210807 Re: Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
- [oss-security] 20210807 Re: Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
- [oss-security] 20210807 Re: Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
- [oss-security] 20210807 Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
- [oss-security] 20210807 Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
- https://bugs.debian.org/991971
- https://bugs.debian.org/991971
- https://github.com/w3c/libwww/blob/f010b4cc58d32f34b162f0084fe093f7097a61f0/Library/src/HTParse.c#L118
- https://github.com/w3c/libwww/blob/f010b4cc58d32f34b162f0084fe093f7097a61f0/Library/src/HTParse.c#L118
- [debian-lts-announce] 20210809 [SECURITY] [DLA 2736-1] lynx security update
- [debian-lts-announce] 20210809 [SECURITY] [DLA 2736-1] lynx security update
- FEDORA-2021-57287bd052
- FEDORA-2021-57287bd052
- FEDORA-2021-232161e4d5
- FEDORA-2021-232161e4d5
- FEDORA-2021-f59bda7d94
- FEDORA-2021-f59bda7d94
- https://lynx.invisible-island.net/current/CHANGES.html
- https://lynx.invisible-island.net/current/CHANGES.html
- DSA-4953
- DSA-4953
- https://www.openwall.com/lists/oss-security/2021/08/07/1
- https://www.openwall.com/lists/oss-security/2021/08/07/1
- https://www.openwall.com/lists/oss-security/2021/08/07/11
- https://www.openwall.com/lists/oss-security/2021/08/07/11