An error in the verification of SSL certificates in Links might enable remote attackers to conduct man-in-the-middle attacks.
|Package||www-client/links on all architectures|
|Affected versions||< 2.6|
|Unaffected versions||>= 2.6|
Links is a fast lightweight text and graphic web-browser.
A SSL verification vulnerability and two unspecified vulnerabilities have been discovered in Links. Please review the Secunia Advisory referenced below for details.
An attacker might conduct man-in-the-middle attacks. The unspecified errors could allow for out-of-bounds reads and writes.
There is no known workaround at this time.
All Links users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/links-2.6"