Mandriva Linux Security Advisory : lynx (MDVSA-2008:218)
Critical Nessus Plugin ID 38035
Synopsis
The remote Mandriva Linux host is missing a security update.
Description
A vulnerability was found in the Lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode (CVE-2008-4690).
This update corrects these issues and, in addition, makes Lynx always prompt the user before loading a lynxcgi: URI. As well, the default lynx.cfg configuration file marks all lynxcgi: URIs as untrusted.
Solution
Update the affected lynx package.