Lynx Security Exploits Fixed for Ubuntu 12.10

Other older and supported Ubuntu OSes received this update

By on November 30th, 2012 14:23 GMT

On November 29, Canonical published details about Lynx vulnerabilities for its Ubuntu 12.10 and Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, and Ubuntu 10.04 LTS operating systems.

According to Canonical, two security issues were fixed in Lynx. First of all, a heap-based buffer overflow was discovered in Lynx. A remote attacker could have caused a denial of service via application crash, or possibly execute arbitrary code as the user invoking the program.

Secondly, it was discovered that Lynx did not properly verify whether an HTTPS certificate was signed by a trusted certificate authority. This exploit would have left the system opened to a "man in the middle" (MITM) attack.

For a more detailed description of the security problems, you can visit Canonical's security notification.

Users can simply fix the security flaws by upgrading the operating systems to the latest lynx-cur package, specific to each distribution.

A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.

Comments