Bug 215807
Summary: | CVE-2006-5925 elinks smb protocol arbitrary file access | ||
---|---|---|---|
Product: | [Retired] Fedora Legacy | Reporter: | Jeff Sheltren <sheltren> |
Component: | elinks | Assignee: | Fedora Legacy Bugs <bugs> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | impact=critical, LEGACY, 3, 4, publish-fc3, publish-fc4 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-03-14 21:14:07 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jeff Sheltren
2006-11-15 20:47:50 UTC
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Since it turns out smb is disabled within elinks on all RHEL versions, I think we should be safe to do the same. I've created updated packages for FC3 and FC4 to fix this issue. The FC3 package uses the patch from EL4. For the FC4 package, I have simply added the "--disable-smb" flag to the configure line in the spec. This seems cleaner to me than creating a new patch, especially since I know very little about automake and autoconf :) FC3: http://www.cs.ucsb.edu/~jeff/legacy/elinks-0.9.2-2.2.legacy.src.rpm 6a55680e935e1a43f5dfd75bfd6a65bfebbdef03 elinks-0.9.2-2.2.legacy.src.rpm FC4: http://www.cs.ucsb.edu/~jeff/legacy/elinks-0.10.3-3.2.legacy.src.rpm 7af60eef166015d6fdeba755e1a879ac2cb52bd3 elinks-0.10.3-3.2.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFFW7ndKe7MLJjUbNMRAtszAJ9FuIi8kFAViEHk8cKxe2HRa6x2bQCfYNPp bRu0QO/XRF8sAVQvlJQWqGc= =xDxD -----END PGP SIGNATURE----- Can we close this bug? Sure. Legacy is no longer providing security updates, so I don't see any reason to keep this open. |