Bug 1522617 (CVE-2017-1000211)
| Summary: | CVE-2017-1000211 lynx: Use after free in HTML.c:HTML_put_string() can lead to memory disclosure | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | kdudka |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | lynx 2.8.9dev.16 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2017-12-12 10:01:35 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1522618, 1522619 | | |
| Bug Blocks: | 1522622 | | |

Description
Sam Fowler
2017-12-06 06:06:04 UTC
Created lynx tracking bugs for this issue:

Affects: fedora-25 [bug 1522618]

Affects: fedora-26 [bug 1522619]

It makes no sense to create tracking bugs for each release of Fedora separately when they both describe the same issue. Moreover, Fedora 25 will shortly reach EOL, so the f25 update would hardly ever reach stable update repositories...

Statement:

This issue did not affect the versions of lynx as shipped with Red Hat Enterprise Linux 5 and 6.

This issue affects the versions of lynx as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.