Mandriva: Subject: [Security Announce] [ MDVSA-2008:218 ] lynx

10-28-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

Mandriva: Subject: [Security Announce] [ MDVSA-2008:218 ] lynx

LinuxSecurity.com: A vulnerability was found in the Lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode (CVE-2008-4690). This update corrects these issues and, in addition, makes Lynx always prompt the user before loading a lynxcgi: URI. As well, the default lynx.cfg configuration file marks all lynxcgi: URIs as untrusted.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

DPKG-WWW(1) General Commands Manual DPKG-WWW(1) NAME
dpkg-www - program to remotely open a WWW Debian package browser SYNOPSIS
dpkg-www [-s|--stdout] [-h|--host host] [query] DESCRIPTION
dpkg-www is used to remotely control a WEB browser and open a dpkg URL on the local host from an interactive shell or script. If the command is invoked while running under X-window the script will try to find an installed X browser to open the specified URL. If not running under X it will try to use a text browser instead. If Netscape is found and a Netscape instance is already running it will be asked to open the dpkg URL on localhost with the optional query supplied on the command line. If there is no browser running, it will start automatically a new one. The functionality provided by this program is identical to running a web browser with the -remote openURL(http://localhost/cgi-bin/dpkg) argument or opening the same URL from within the browser. dpkg-www-installer is an helper application which can configured in the WWW browser for web installation. It should never be invoked directly by the user. OPTIONS
-s, --stdout Redirect output to stdout. Requires one of the text browsers (lynx, lynx-ssl or links) installed. -h, --host host Send the query to a remote host, where dpkg-www must be installed. query Specifies an optional package name, an absolute pathname or a query argument which is passed to the dpkg cgi-bin. See dpkg-www(8) for more information about the use of the cgi. FILES
/etc/dpkg-www.conf ~/.dpkg-www Configuration files for dpkg-www. It is not necessary for these files to exist, there are sensible defaults for everything, but you can specify your preferred www browser with the DPKG_WWW_BROWSER variable, for example: DPKG_WWW_BROWSER=mozilla EXAMPLES
dpkg-www This would open a dpkg URL on localhost listing all the installed packages. dpkg-www bash This would open a dpkg URL asking info on the bash package. dpkg-www -h pisolo bash This would open a dpkg URL asking info on the bash package on host pisolo. dpkg-www 'dpkg*' This would open a dpkg URL listing all packages matching dpkg*. dpkg-www /bin/bash This would open a dpkg URL asking info on the package(s) owning the file /bin/bash . dpkg-www depends=svgalib This would open a dpkg URL listing all packages depending on svgalib. dpkg-www --stdout depends=awk | grep ^ii This would list on stdout all packages depending on awk and grep all lines of installed packages. SEE ALSO
dpkg(8), dpkg-www(8) AUTHOR
Massimo Dal Zotto <dz@debian.org>. Bugs should be reported via the normal Debian bug reporting system. LICENCE
dpkg-www is licensed under the GNU General Public License version 2. September 1, 2004 DPKG-WWW(1)

Security Advisories (RSS)

Mandriva: Subject: [Security Announce] [ MDVSA-2008:218 ] lynx

LEARN ABOUT DEBIAN

dpkg-www