
RHSA-2009:1471 -- elinks security update (Important)

oval:org.mitre.oval:def:28926

An updated elinks package that fixes two security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. ELinks is a text-based Web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags. An off-by-one buffer overflow flaw was discovered in the way ELinks handled its internal cache of string representations for HTML special entities. A remote attacker could use this flaw to create a specially-crafted HTML file that would cause ELinks to crash or possibly execute arbitrary code when rendered. (CVE-2008-7224)

Family: unix
Status: ACCEPTED
Platform(s):
  • CentOS Linux 5
  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 5
Class: patch
Reference(s):
  • RHSA-2009:1471
  • CESA-2009:1471-CentOS 5
  • CVE-2007-2027
  • CVE-2008-7224
Product(s):
  • elinks