Links: SSL verification vulnerability — GLSA 201206-32

An error in the verification of SSL certificates in Links might enable remote attackers to conduct man-in-the-middle attacks.

Affected Packages

www-client/links on all architectures
Affected versions < 2.6
Unaffected versions >= 2.6

Background

Links is a fast lightweight text and graphic web-browser.

Description

A SSL verification vulnerability and two unspecified vulnerabilities have been discovered in Links. Please review the Secunia Advisory referenced below for details.

Impact

An attacker might conduct man-in-the-middle attacks. The unspecified errors could allow for out-of-bounds reads and writes.

Workaround

There is no known workaround at this time.

Resolution

All Links users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-client/links-2.6"
 

References

Release Date
June 25, 2012

Latest Revision
June 25, 2012: 1

Severity
normal

Exploitable
remote

Bugzilla entries