Advisories | Mandriva

Navigation

Package name	links
Date	November 20th, 2006
Advisory ID	MDKSA-2006:216
Affected versions	2006.0, 2007.0

Problem Description

The links web browser with smbclient installed allows remote attackers
to execute arbitrary code via shell metacharacters in an smb:// URI, as
demonstrated by using PUT and GET statements.

Corporate 3.0 is not affected by this issue, as that version of links
does not have smb:// URI support.

Updated packages have disabled access to smb:// URIs.

Updated Packages

Mandriva Linux 2006

 ea08f62d39a09dea86b7d1a5cb51e327  2006.0/i586/links-2.1-0.pre18.5.1.20060mdk.i586.rpm
 adbcd46c1caf25846b7ff382ac6eee7d  2006.0/i586/links-common-2.1-0.pre18.5.1.20060mdk.i586.rpm
 e87b887c09df5e888c097766e7ec619c  2006.0/i586/links-graphic-2.1-0.pre18.5.1.20060mdk.i586.rpm 
 ee822254533bf4719ee94223161b7de0  2006.0/SRPMS/links-2.1-0.pre18.5.1.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 796b482155ea5ab249bbe1baabcdd419  2006.0/x86_64/links-2.1-0.pre18.5.1.20060mdk.x86_64.rpm
 5f897e5f5d1c712b547bce7fdb7b61d4  2006.0/x86_64/links-common-2.1-0.pre18.5.1.20060mdk.x86_64.rpm
 93e5c42924fcafb2fc121c0d69b7f398  2006.0/x86_64/links-graphic-2.1-0.pre18.5.1.20060mdk.x86_64.rpm 
 ee822254533bf4719ee94223161b7de0  2006.0/SRPMS/links-2.1-0.pre18.5.1.20060mdk.src.rpm

Mandriva Linux 2007

 27f5da60ae0072b509e17326146922c1  2007.0/i586/links-2.1-0.pre18.13.1mdv2007.0.i586.rpm
 b4dac2435e4622cabf537c4df1749d83  2007.0/i586/links-common-2.1-0.pre18.13.1mdv2007.0.i586.rpm
 d33ab06111f877fbccb8f85ceb4044af  2007.0/i586/links-graphic-2.1-0.pre18.13.1mdv2007.0.i586.rpm 
 04961b71a4a04032a6e335dcaf91aa9d  2007.0/SRPMS/links-2.1-0.pre18.13.1mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 fe702c658fd4b931c8c79efd9c77010b  2007.0/x86_64/links-2.1-0.pre18.13.1mdv2007.0.x86_64.rpm
 5d8d03edf4217e9d3a6ab7f006c5613a  2007.0/x86_64/links-common-2.1-0.pre18.13.1mdv2007.0.x86_64.rpm
 e1c5effc08dfbc2e2c8b1bc351f4ea50  2007.0/x86_64/links-debug-2.1-0.pre18.13.1mdv2007.0.x86_64.rpm
 8fd02e550d5310ae74e48f002d7da45b  2007.0/x86_64/links-graphic-2.1-0.pre18.13.1mdv2007.0.x86_64.rpm 
 04961b71a4a04032a6e335dcaf91aa9d  2007.0/SRPMS/links-2.1-0.pre18.13.1mdv2007.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5925

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

		rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.