An error in the verification of SSL certificates in Links might enable remote attackers to conduct man-in-the-middle attacks.
Package | www-client/links on all architectures |
---|---|
Affected versions | < 2.6 |
Unaffected versions | >= 2.6 |
Links is a fast lightweight text and graphic web-browser.
A SSL verification vulnerability and two unspecified vulnerabilities have been discovered in Links. Please review the Secunia Advisory referenced below for details.
An attacker might conduct man-in-the-middle attacks. The unspecified errors could allow for out-of-bounds reads and writes.
There is no known workaround at this time.
All Links users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/links-2.6"