OPENSUSE-SU-2019:2185-1

Vulnerability from csaf_opensuse - Published: 2019-09-25 08:19 - Updated: 2019-09-25 08:19
Summary
Security update for links

Notes

Title of the patch
Security update for links
Description of the patch
This update for links fixes the following issues:

links was updated to 2.20.1:

* libevent bug fixes

links was updated to 2.20:

* Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link elements with rel=dns-prefetch (boo#1149886)
* stability improvements
* file urls support local hostnames
* mouse support improvement
* improve interaction with Google
* Support the zstd compression algorithm
* Use proper cookie expiry

links was updated to 2.19:

* Fixed a crash on invalid IDN URLs
* Make font selection possible via fontconfig
* Show certificate authority in Document info box
* Use international error messages
* The -dump switch didn't report errors on stdout write

links was updated to 2.18:

* Automatically enable tor mode when the socks port is 9050
* When in tor mode, invert colors on top line and bottom line
* Fix an incorrect shift in write_ev_queue
* Fix runtime error sanitizer warning
* Add a menu entry to save and load a clipboard
* Don't synch with Xserver on every pixmap load
* Fix 'Network Options' bug that caused a timeout
* Fix a possible integer overflow in decoder_memory_expand
* Fix possible pointer arithmetic bug if os allocated few bytes
* Add a button to never accept invalid certs for a given server
* Fix incorrect strings -html-t-text-color
* Add ascii replacement of Romanian S and T with comma
* Fix a bug when IPv6 control connection to ftp server fails

links was updated to 2.17:

* Fix verifying SSL certificates for numeric IPv6 addresses
* Delete the option -ftp.fast - it doesn't always work and ftp performance is not an issue anymore
* Add bold and monospaced Turkish letter 'i' without a dot
* On OS/2 allocate OpenSSL memory from the lower heap. It fixes SSL on systems with old 16-bit TCP/IP stack
* Fix IPv6 on OpenVMS Alpha
* Support mouse scroll wheel in textarea
* Delete the option -http-bugs.bug-302-redirect - RFC7231 allows the 'buggy' behavior and defines new codes 307 and 308 that retain the post data
* X11 - fixed colormap leak when creating a new window
* Fixed an infinite loop that happened in graphics mode if the user clicked on OK in 'Miscellaneous options' dialog and more than one window was open. This bug was introduced in Links 2.15
* Support 6x6x6 RGB palette in 256-bit color mode on framebuffer
* Implement dithering properly on OS/2 in 15-bit and 16-bit color mode. In 8-bit mode, Links may optionally use a private palette - it improves visual quality of Links images, but degrades visual quality of other concurrently running programs.
* Improve scrolling smoothness when the user drags the whole document
* On OS/2, allocate large memory blocks directly (not with malloc). It reduces memory waste
* Fixed a bug that setting terminal title and resizing a terminal didn't work on OS/2 and Windows. The bug was introduced in Links 2.16 when shutting up coverity warnings
* Set link color to yellow by default
* Delete the option -http-bugs.bug-post-no-keepalive. It was needed in 1999 to avoid some bug in some http server and it is not needed anymore
* Trust Content-Length on HTTP/1.0 redirect requests. This fixes hangs with misbehaving servers that honor Connection:keep-alive but send out HTTP/1.0 reply without Connection: keep-alive. Links thought that they don't support keep-alive and waited for the connection to close (for example http://www.raspberrypi.org)
* Use keys 'H' and 'L' to select the top and bottom link on the current page

links was updated to 2.16:

* Improve handling of the DELETE key
* Implement the bracketed paste mode
* Fix various bugs found by coverity
* Fix a crash in proxy authentication code
* Fixed internal error 'invalid set_handlers call' on framebuffer if links is suspended and terminated at the same time
Patchnames
openSUSE-2019-2185
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for links",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for links fixes the following issues:\n\nlinks was updated to 2.20.1:\n\n* libevent bug fixes\n\nlinks was updated to 2.20:\n\n* Security bug fixed: when links was connected to tor, it would\n  send real dns requests outside the tor network when the\n  displayed page contains link elements with rel=dns-prefetch\n  boo#1149886\n* stability improvements\n* file urls support local hostnames\n* mouse support improvement\n* improve interaction with Google\n* Support the zstd compression algorithm\n* Use proper cookie expiry\n\nlinks was updated to 2.19:\n\n* Fixed a crash on invalidn IDN URLs\n* Make font selection possible via fontconfig\n* Show certificate authority in Document info box\n* Use international error messages\n* The -dump switch didn\u0027t report errors on stdout write\n\nlinks was updated to 2.18:\n\n* Automatically enable tor mode when the socks port is 9050\n* When in tor mode, invert colors on top line and bottom line\n* Fix an incorrect shift in write_ev_queue \n* Fix runtime error sanitizer warning\n* Add a menu entry to save and load a clipboard\n* Don\u0027t synch with Xserver on every pixmap load\n* Fix \u0027Network Options\u0027 bug that caused a timeout\n* Fix a possible integer overflow in decoder_memory_expand\n* Fix possible pointer arithmetics bug if os allocated few bytes\n* Add a button to never accept invalid certs for a given server\n* Fix incorrect strings -html-t-text-color\n* Add ascii replacement of Romanian S and T with comma\n* Fix a bug when IPv6 control connection to ftp server fails\n  \nlinks was updated to 2.17:\n\n* Fix verifying SSL certificates for numeric IPv6 addresses\n* Delete the option -ftp.fast - it doesn\u0027t always work and ftp performance is not an issue anymore\n* Add bold and monospaced Turkish letter \u0027i\u0027 without a dot\n* On OS/2 allocate OpenSSL memory fro the lower heap. 
It fixes SSL on systems with old 16-bit TCP/IP stack\n* Fix IPv6 on OpenVMS Alpha\n* Support mouse scroll wheel in textarea\n* Delete the option -http-bugs.bug-302-redirect - RFC7231 allows the \u0027buggy\u0027 behavior and defines new codes 307 and 308 that retain the post data\n* X11 - fixed colormap leak when creating a new window\n* Fixed an infinite loop that happened in graphics mode if the user clicked on OK in \u0027Miscellaneous options\u0027 dialog and more than one windows were open. This bug was introduced in Links 2.15\n* Support 6x6x6 RGB palette in 256-bit color mode on framebuffer\n* Implement dithering properly on OS/2 in 15-bit and 16-bit color mode. In 8-bit mode, Links may optionally use a private palette - it improves visual quality of Links images, but degrades visual quality of other concurrently running programs.\n* Improve scrolling smoothness when the user drags the whole document\n* On OS/2, allocate large memory blocks directly (not with malloc). It reduces memory waste\n* Fixed a bug that setting terminal title and resizing a terminal didn\u0027t work on OS/2 and Windows. The bug was introduced in Links 2.16 when shutting up coverity warnings\n* Set link color to yellow by default\n* Delete the option -http-bugs.bug-post-no-keepalive. It was needed in 1999 to avoid some bug in some http server and it is not needed anymore\n* Trust Content-Length on HTTP/1.0 redirect requests. This fixes hangs with misbehaving servers that honor Connection:keep-alive but send out HTTP/1.0 reply without Connection: keep-alive. 
Links thought that they don\u0027t support keep-alive and waited for the connection to close (for example http://www.raspberrypi.org)\n* Use keys \u0027H\u0027 and \u0027L\u0027 to select the top and bottom link on the current page\n\nlinks was updated to 2.16:\n\n* Improve handling of the DELETE key\n* Implement the bracketed paste mode\n* Fix various bugs found by coverity\n* Fix a crash in proxy authentication code\n* Fixed internal error \u0027invalid set_handlers call\u0027 on framebuffer if links is suspend and terminate at the same time\n\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2019-2185",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2185-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2019:2185-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KVZJ22N27TTKNIW6PC56B7RRR6OP2SA/#7KVZJ22N27TTKNIW6PC56B7RRR6OP2SA"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2019:2185-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KVZJ22N27TTKNIW6PC56B7RRR6OP2SA/#7KVZJ22N27TTKNIW6PC56B7RRR6OP2SA"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1149886",
        "url": "https://bugzilla.suse.com/1149886"
      }
    ],
    "title": "Security update for links",
    "tracking": {
      "current_release_date": "2019-09-25T08:19:05Z",
      "generator": {
        "date": "2019-09-25T08:19:05Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2019:2185-1",
      "initial_release_date": "2019-09-25T08:19:05Z",
      "revision_history": [
        {
          "date": "2019-09-25T08:19:05Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "links-2.20.1-bp151.4.3.1.aarch64",
                "product": {
                  "name": "links-2.20.1-bp151.4.3.1.aarch64",
                  "product_id": "links-2.20.1-bp151.4.3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "links-2.20.1-bp151.4.3.1.i586",
                "product": {
                  "name": "links-2.20.1-bp151.4.3.1.i586",
                  "product_id": "links-2.20.1-bp151.4.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "links-2.20.1-bp151.4.3.1.ppc64le",
                "product": {
                  "name": "links-2.20.1-bp151.4.3.1.ppc64le",
                  "product_id": "links-2.20.1-bp151.4.3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "links-2.20.1-bp151.4.3.1.s390x",
                "product": {
                  "name": "links-2.20.1-bp151.4.3.1.s390x",
                  "product_id": "links-2.20.1-bp151.4.3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "links-2.20.1-bp151.4.3.1.x86_64",
                "product": {
                  "name": "links-2.20.1-bp151.4.3.1.x86_64",
                  "product_id": "links-2.20.1-bp151.4.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 15",
                "product": {
                  "name": "SUSE Package Hub 15",
                  "product_id": "SUSE Package Hub 15"
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Package Hub 15 SP1",
                "product": {
                  "name": "SUSE Package Hub 15 SP1",
                  "product_id": "SUSE Package Hub 15 SP1"
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.0",
                "product": {
                  "name": "openSUSE Leap 15.0",
                  "product_id": "openSUSE Leap 15.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15",
          "product_id": "SUSE Package Hub 15:links-2.20.1-bp151.4.3.1.aarch64"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.i586 as component of SUSE Package Hub 15",
          "product_id": "SUSE Package Hub 15:links-2.20.1-bp151.4.3.1.i586"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.i586",
        "relates_to_product_reference": "SUSE Package Hub 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15",
          "product_id": "SUSE Package Hub 15:links-2.20.1-bp151.4.3.1.ppc64le"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.s390x as component of SUSE Package Hub 15",
          "product_id": "SUSE Package Hub 15:links-2.20.1-bp151.4.3.1.s390x"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15",
          "product_id": "SUSE Package Hub 15:links-2.20.1-bp151.4.3.1.x86_64"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:links-2.20.1-bp151.4.3.1.aarch64"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.i586 as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:links-2.20.1-bp151.4.3.1.i586"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.i586",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:links-2.20.1-bp151.4.3.1.ppc64le"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.s390x as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:links-2.20.1-bp151.4.3.1.s390x"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:links-2.20.1-bp151.4.3.1.x86_64"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.aarch64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:links-2.20.1-bp151.4.3.1.aarch64"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:links-2.20.1-bp151.4.3.1.i586"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.ppc64le as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:links-2.20.1-bp151.4.3.1.ppc64le"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.s390x as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:links-2.20.1-bp151.4.3.1.s390x"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:links-2.20.1-bp151.4.3.1.x86_64"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.aarch64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:links-2.20.1-bp151.4.3.1.aarch64"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:links-2.20.1-bp151.4.3.1.i586"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.ppc64le as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:links-2.20.1-bp151.4.3.1.ppc64le"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.s390x as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:links-2.20.1-bp151.4.3.1.s390x"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "links-2.20.1-bp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:links-2.20.1-bp151.4.3.1.x86_64"
        },
        "product_reference": "links-2.20.1-bp151.4.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  }
}

