USN-4800-1: Lynx vulnerabilities

Packages

lynx - classic non-graphical (text-mode) web browser

Details

It was discovered that Lynx incorrectly handled certain URLs. A remote attacker
could possibly use this issue to obtain sensitive information or other
unspecified impact. This issue only affected Ubuntu 16.04 ESM.
(CVE-2016-9179)

It was discovered that Lynx incorrectly handled certain HTML files. A remote
attacker could possibly use this issue to obtain sensitive information.
This issue only affected Ubuntu 16.04 ESM. (CVE-2017-1000211)

Thorsten Glaser discovered that Lynx mishandles the userinfo subcomponents of
a URI. An attacker monitoring the network could discover cleartext
credentials because they may appear in SNI data. (CVE-2021-38165)

It was discovered that Lynx incorrectly handled certain URLs. A remote attacker
could possibly use this issue to obtain sensitive information or other
unspecified impact. This issue only affected Ubuntu 16.04 ESM.
(CVE-2016-9179)

It was discovered that Lynx incorrectly handled certain HTML files. A remote
attacker could possibly use this issue to obtain sensitive information.
This issue only affected Ubuntu 16.04 ESM. (CVE-2017-1000211)

Thorsten Glaser discovered that Lynx mishandles the userinfo subcomponents of
a URI. An attacker monitoring the network could discover cleartext
credentials because they may appear in SNI data. (CVE-2021-38165)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
20.04 focal	lynx – 2.9.0dev.5-1ubuntu0.1~esm1
18.04 bionic	lynx – 2.8.9dev16-3ubuntu0.1~esm1
16.04 xenial	lynx – 2.8.9dev8-4ubuntu1+esm2

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

Packages

Details

Update instructions

Reduce your security exposure

References