From Mageia wiki
Revision as of 21:55, 30 November 2012 by Tmb (talk | contribs) (Created page with "== MGASA-2012-0351 == {| |'''Date:''' |November 30th, 2012 |- |'''Affected releases:''' |1, 2 |} '''Description:'''<br/> Updated lynx package fixes security vulnerability:<br/...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

MGASA-2012-0351

Date: November 30th, 2012
Affected releases: 1, 2


Description:
Updated lynx package fixes security vulnerability:

Lynx does not verify that the server's certificate is signed by a trusted
certification authority, which allows man-in-the-middle attackers to spoof
SSL servers via a crafted certificate, related to improper use of a certain
GnuTLS function (CVE-2012-5821).


Updated Packages:
Mageia 1:
lynx-2.8.7-4.1.mga1

Mageia 2:
lynx-2.8.7-4.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5821
http://www.ubuntu.com/usn/usn-1642-1/
https://bugs.mageia.org/show_bug.cgi?id=8252