Bug 297611 (CVE-2007-5034)
Summary: | CVE-2007-5034 elinks reveals POST data to HTTPS proxy
---|---
Product: | [Other] Security Response
Component: | vulnerability
Reporter: | Tomas Hoger <thoger>
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA
Severity: | medium
Priority: | medium
Version: | unspecified
CC: | kreilly, ovasik
Keywords: | Security
Hardware: | All
OS: | Linux
URL: | http://bugzilla.elinks.cz/show_bug.cgi?id=937
Doc Type: | Bug Fix
Last Closed: | 2008-01-07 13:39:59 UTC
Bug Depends On: | 297981, 297991, 303881, 303891, 303901, 303911, 833893

Description
Tomas Hoger
2007-09-20 09:42:01 UTC
Support for HTTPS proxy was introduced in elinks version 0.5rc1. The version of elinks shipped in Red Hat Enterprise Linux 3 is therefore not vulnerable. Also, links as shipped in Red Hat Enterprise Linux 2.1 does not provide HTTPS proxy support and is not affected by this problem.

OK, so it seems that the affected supported versions are FC-6, F-7, RHEL4 and RHEL5, because devel contains version 0.11.3. I will update the versions for Fedora, because that is the easiest way; for RHEL4 and RHEL5 we should discuss how to proceed.

Thanks Ondrej for the feedback. Created tracking bugs for current Fedora versions.

Created attachment 204441
0.10.6 upstream patch

Created attachment 204461
Upstream patch for 0.11.1

Fixed in all affected products:

Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2007-0933.html

Fedora updated to fixed upstream version