Bug 812076 - links: possible flaws within the graphics renderer and XBM decoder
links: possible flaws within the graphics renderer and XBM decoder
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20120407,repor...
: Security
Depends On: 812079 812080
Blocks:
  Show dependency treegraph
 
Reported: 2012-04-12 13:16 EDT by Vincent Danen
Modified: 2015-07-31 02:49 EDT (History)
2 users (show)

See Also:
Fixed In Version: links 2.6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2012-04-12 13:16:48 EDT
It was reported [1],[2] that the Links browser suffers from two possible security flaws: an out-of-bounds write in the graphics renderer and an out-of-bounds read/write in the XBM decoder.

This has been corrected in Links 2.6; the Debian bug report [2] has a patch backported to 2.3.

There is some discussion [3] about whether or not this is a security flaw, however.  No CVE has been assigned.

[1] http://links.twibright.com/download/ChangeLog
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668227
[3] http://www.openwall.com/lists/oss-security/2012/04/12/1
Comment 1 Vincent Danen 2012-04-12 13:17:54 EDT
Created links tracking bugs for this issue

Affects: fedora-all [bug 812079]
Affects: epel-6 [bug 812080]

Note You need to log in before you can comment on or make changes to this bug.