Описание
ELSA-2013-0250: elinks security update (MODERATE)
[0.12-0.21.pre5]
- do not delegate GSSAPI credentials (CVE-2012-4545)
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
elinks
0.11.1-8.el5_9
Oracle Linux x86_64
elinks
0.11.1-8.el5_9
Oracle Linux i386
elinks
0.11.1-8.el5_9
Oracle Linux 6
Oracle Linux x86_64
elinks
0.12-0.21.pre5.el6_3
Oracle Linux i686
elinks
0.12-0.21.pre5.el6_3
Oracle Linux sparc64
elinks
0.12-0.21.pre5.el6_3
Связанные CVE
Связанные уязвимости
The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials.
The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials.
The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials.
The http_negotiate_create_context function in protocol/http/http_negot ...
The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials.