__________________________________________________________

             The U.S. Department of Energy
         Computer Incident Advisory Capability
__________________________________________________________

                      INFORMATION BULLETIN

                   ELinks Security Update
                 [Red Hat RHSA-2007:0933-2]

October 3, 2007 21:00 GMT                                         Number S-002
______________________________________________________________________________

PROBLEM:       An information disclosure flaw was found in the way ELinks
               passes https POST data to a proxy server.

PLATFORM:      Red Hat Desktop (v. 4)
               Red Hat Enterprise Linux (v. 5 server)
               Red Hat Enterprise Linux AS, ES, WS (v. 4)
               Red Hat Enterprise Linux Desktop (v. 5 client)
               Debian GNU/Linux 4.0 (etch)

DAMAGE:        Could allow the disclosure of sensitive information.

SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________

VULNERABILITY  The risk is LOW. Could allow the disclosure of sensitive
ASSESSMENT:    information.
______________________________________________________________________________

LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/s-002.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2007-0933.html
 ADDITIONAL LINK:    http://www.debian.org/security/2007/dsa-1380
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5034
______________________________________________________________________________

[***** Start Red Hat RHSA-2007:0933-2 *****]

Moderate: elinks security update

Advisory:          RHSA-2007:0933-2
Type:              Security Advisory
Severity:          Moderate
Issued on:         2007-10-03
Last updated on:   2007-10-03

Affected Products:
  Red Hat Desktop (v. 4)
  Red Hat Enterprise Linux (v. 5 server)
  Red Hat Enterprise Linux AS (v. 4)
  Red Hat Enterprise Linux Desktop (v. 5 client)
  Red Hat Enterprise Linux ES (v. 4)
  Red Hat Enterprise Linux WS (v. 4)

OVAL:                   com.redhat.rhsa-20070933.xml
CVEs (cve.mitre.org):   CVE-2007-5034

Details

An updated ELinks package that corrects a security vulnerability is now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

ELinks is a text mode Web browser used from the command line that supports
rendering modern web pages.

An information disclosure flaw was found in the way ELinks passes https POST
data to a proxy server. POST data sent via a proxy to an https site is not
properly encrypted by ELinks, possibly allowing the disclosure of sensitive
information. (CVE-2007-5034)

All users of ELinks are advised to upgrade to this updated package, which
contains a backported patch that resolves this issue.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat
Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 4)
--------------------------------------------------------------------------------
SRPMS:   elinks-0.9.2-3.3.5.2.src.rpm        f04cc8143e0eeb2479926cfdd47517bc
IA-32:   elinks-0.9.2-3.3.5.2.i386.rpm       740855a258e36afc4bd02b2dc939f6d0
x86_64:  elinks-0.9.2-3.3.5.2.x86_64.rpm     ca4941f6358b9b351285bb7268ee368c

Red Hat Enterprise Linux (v. 5 server)
--------------------------------------------------------------------------------
SRPMS:   elinks-0.11.1-5.1.0.1.el5.src.rpm    df97aa87a94550dd9c6b8b3ab4e6f717
IA-32:   elinks-0.11.1-5.1.0.1.el5.i386.rpm   7b4b7287bc524c45dc55a702ea6243ea
IA-64:   elinks-0.11.1-5.1.0.1.el5.ia64.rpm   7bc784e2951af8725c9876a28c942c5d
PPC:     elinks-0.11.1-5.1.0.1.el5.ppc.rpm    04978852cf223ad9d338eea7e4fffe07
s390x:   elinks-0.11.1-5.1.0.1.el5.s390x.rpm  32cce00b9e70804720d80e5c2dd80960
x86_64:  elinks-0.11.1-5.1.0.1.el5.x86_64.rpm 5cd0b473ae6d27f879f48aa2085e6380

Red Hat Enterprise Linux AS (v. 4)
--------------------------------------------------------------------------------
SRPMS:   elinks-0.9.2-3.3.5.2.src.rpm        f04cc8143e0eeb2479926cfdd47517bc
IA-32:   elinks-0.9.2-3.3.5.2.i386.rpm       740855a258e36afc4bd02b2dc939f6d0
IA-64:   elinks-0.9.2-3.3.5.2.ia64.rpm       d27d29fc20f082fd5c4e3d16a1f1b96f
PPC:     elinks-0.9.2-3.3.5.2.ppc.rpm        2901b97c6ad3dd7fae25a44348b82812
s390:    elinks-0.9.2-3.3.5.2.s390.rpm       1d225484d90ff04080c3d570dd54e8d5
s390x:   elinks-0.9.2-3.3.5.2.s390x.rpm      f9d32215514a0c003d315cb8a22305bc
x86_64:  elinks-0.9.2-3.3.5.2.x86_64.rpm     ca4941f6358b9b351285bb7268ee368c

Red Hat Enterprise Linux Desktop (v. 5 client)
--------------------------------------------------------------------------------
SRPMS:   elinks-0.11.1-5.1.0.1.el5.src.rpm    df97aa87a94550dd9c6b8b3ab4e6f717
IA-32:   elinks-0.11.1-5.1.0.1.el5.i386.rpm   7b4b7287bc524c45dc55a702ea6243ea
x86_64:  elinks-0.11.1-5.1.0.1.el5.x86_64.rpm 5cd0b473ae6d27f879f48aa2085e6380

Red Hat Enterprise Linux ES (v. 4)
--------------------------------------------------------------------------------
SRPMS:   elinks-0.9.2-3.3.5.2.src.rpm        f04cc8143e0eeb2479926cfdd47517bc
IA-32:   elinks-0.9.2-3.3.5.2.i386.rpm       740855a258e36afc4bd02b2dc939f6d0
IA-64:   elinks-0.9.2-3.3.5.2.ia64.rpm       d27d29fc20f082fd5c4e3d16a1f1b96f
x86_64:  elinks-0.9.2-3.3.5.2.x86_64.rpm     ca4941f6358b9b351285bb7268ee368c

Red Hat Enterprise Linux WS (v. 4)
--------------------------------------------------------------------------------
SRPMS:   elinks-0.9.2-3.3.5.2.src.rpm        f04cc8143e0eeb2479926cfdd47517bc
IA-32:   elinks-0.9.2-3.3.5.2.i386.rpm       740855a258e36afc4bd02b2dc939f6d0
IA-64:   elinks-0.9.2-3.3.5.2.ia64.rpm       d27d29fc20f082fd5c4e3d16a1f1b96f
x86_64:  elinks-0.9.2-3.3.5.2.x86_64.rpm     ca4941f6358b9b351285bb7268ee368c

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

297611 - CVE-2007-5034 elinks reveals POST data to HTTPS proxy

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5034
http://www.redhat.com/security/updates/classification/#moderate

--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2007:0933-2 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH.
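A quick way to confirm that a host has the fixed ELinks build from this advisory is to compare the installed version-release against the fixed ones listed above, using RPM's own ordering rules. The following is an added example, not part of the CIAC or Red Hat bulletin: it implements a simplified rpmvercmp (digit runs compare numerically, letter runs lexically, digits outrank letters; tilde and caret handling is omitted) and assumes the input is the output of `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' elinks`. Selecting the RHEL 5 baseline by the `el5` dist tag in the release field is an assumption made here, not something the advisory states.

```python
import re

# Fixed (version, release) pairs taken from the package list in RHSA-2007:0933-2.
FIXED = {
    "el4": ("0.9.2", "3.3.5.2"),        # Red Hat Enterprise Linux 4 / Desktop 4
    "el5": ("0.11.1", "5.1.0.1.el5"),   # Red Hat Enterprise Linux 5 server / client
}

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: returns 1 if a is newer than b, -1 if older, 0 if equal."""
    if a == b:
        return 0
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit():           # numeric segment outranks alphabetic one
            return 1
        elif y.isdigit():
            return -1
        elif x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with more segments is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def evr_cmp(v1: str, r1: str, v2: str, r2: str) -> int:
    """Compare version first, then release, as rpm does (epoch assumed equal)."""
    c = rpmvercmp(v1, v2)
    return c if c else rpmvercmp(r1, r2)


def is_fixed(rpm_query_line: str) -> bool:
    """True if the installed elinks is at or above the fixed build for its release."""
    name, version, release = rpm_query_line.split()
    if name != "elinks":
        raise ValueError(f"expected elinks, got {name}")
    # Assumption: el5 builds carry the 'el5' dist tag; anything else is treated as RHEL 4.
    baseline = FIXED["el5"] if release.endswith("el5") else FIXED["el4"]
    return evr_cmp(version, release, *baseline) >= 0


if __name__ == "__main__":
    # Constructed sample lines; on a real host pipe in the rpm -q output instead.
    for line in ("elinks 0.9.2 3.3.5.1", "elinks 0.9.2 3.3.5.2", "elinks 0.11.1 5.1.el5"):
        print(line, "->", "fixed" if is_fixed(line) else "VULNERABLE")
```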
CIAC can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization. A list of FIRST member
organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of the
United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring by
the United States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or reflect those
of the United States Government or the University of California, and shall not
be used for advertising or product endorsement purposes.
LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

R-352: The Cisco Adaptive Security Appliance Vulnerability
R-353: phpWiki Security Vulnerabilities
R-354: Earth Resources Mapping NCSView ActiveX Vulnerabilities
R-355: PHP Security Update
R-356: OpenOffice.org Security Update
R-357: HP-UX Running logins(1M) Vulnerability
R-358: kdebase Vulnerability
R-359: Tomcat Security Update
R-360: Kernel Security Update
S-001: OpenSSL Vulnerability