Описание
ELSA-2007-0933: Moderate: elinks security update (MODERATE)
[0.9.2-3.3.5.2]
- fix elinks-0.9.2-httpspostdata.patch (#303881)
[0.9.2-3.3.5.1]
- fix #297611 - CVE-2007-5034 elinks reveals POST data to HTTPS proxy
[0.9.2-3.3]
- fix #215731 - elinks smb protocol arbitrary file access
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
elinks
0.11.1-5.1.0.1.el5
Oracle Linux x86_64
elinks
0.11.1-5.1.0.1.el5
Oracle Linux i386
elinks
0.11.1-5.1.0.1.el5
Связанные CVE
Связанные уязвимости
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.
ELinks before 0.11.3, when sending a POST request for an https URL, ap ...
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.