+++ This bug was initially created as a clone of Bug #215731 +++ A flaw has been found in the way elinks parses smb:// protocol URLs: http://marc.theaimsgroup.com/?l=full-disclosure&m=116355556512780&w=2 This flaw could allow a remote web page to read and write arbitrary files with the permissions of the user running elinks.
The --disable-smb option has been added to FC5 and FC6 spec file (... although this bug doesn't have impact on packages which was compiled in build roots where is not smbclient (e.g. mock build roots).
elinks-0.11.0-2.4 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
elinks-0.11.1-5.1 has been pushed for fc6, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.