Lucene search

AlmaLinuxALSA-2022:2129

HistoryMay 10, 2022 - 6:57 a.m.

Moderate: lynx security update

2022-05-1006:57:37

errata.almalinux.org

lynx

security update

disclosure

http authentication

sni data

cve-2021-38165

almalinux

release notes

web browser

frames

tables

html tags

cvss score

references

unix

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.006

Percentile

78.9%

JSON

Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags.

Security Fix(es):

lynx: Disclosure of HTTP authentication credentials via SNI data (CVE-2021-38165)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8x86_64lynx< 2.8.9-4.el8lynx-2.8.9-4.el8.x86_64.rpm
almalinux8aarch64lynx< 2.8.9-4.el8lynx-2.8.9-4.el8.aarch64.rpm
almalinux8ppc64lelynx< 2.8.9-4.el8lynx-2.8.9-4.el8.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	8	x86_64	lynx	< 2.8.9-4.el8	lynx-2.8.9-4.el8.x86_64.rpm
almalinux	8	aarch64	lynx	< 2.8.9-4.el8	lynx-2.8.9-4.el8.aarch64.rpm
almalinux	8	ppc64le	lynx	< 2.8.9-4.el8	lynx-2.8.9-4.el8.ppc64le.rpm