From Mageia wiki
MGASA-2012-0351
Date: | November 30th, 2012 |
Affected releases: | 1, 2 |
Description:
Updated lynx package fixes security vulnerability:
Lynx does not verify that the server's certificate is signed by a trusted
certification authority, which allows man-in-the-middle attackers to spoof
SSL servers via a crafted certificate, related to improper use of a certain
GnuTLS function (CVE-2012-5821).
Updated Packages:
Mageia 1:
lynx-2.8.7-4.1.mga1
Mageia 2:
lynx-2.8.7-4.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5821
http://www.ubuntu.com/usn/usn-1642-1/
https://bugs.mageia.org/show_bug.cgi?id=8252