Gentoo Linux Security Advisory GLSA 200909-15 - An incomplete fix for an issue related to the Lynx URL handler might allow for the remote execution of arbitrary commands. Clint Ruoho reported that the fix for CVE-2005-2929 (GLSA 200511-09) only disabled the lynxcgi:// handler when not using the advanced mode. Versions less than 2.8.6-r4 are affected.
02bc04e4d8cec2c90bdae6e8c11d3a1946370660f56aa9c92e266e97300b5684
Mandriva Linux Security Advisory - A vulnerability was found in the Lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode. This update corrects these issues and, in addition, makes Lynx always prompt the user before loading a lynxcgi: URI. As well, the default lynx.cfg configuration file marks all lynxcgi: URIs as untrusted.
985b8d2bc9b5db4c673208074097d3cf3a736514dfd033339dc951e94fff711f
Mandriva Linux Security Advisory - A flaw was found in the way Lynx handled .mailcap and .mime.types configuration files. If these files were present in the current working directory, they would be loaded prior to similar files in the user's home directory. This could allow a local attacker to possibly execute arbitrary code as the user running Lynx, if they could convince the user to run Lynx in a directory under their control. A vulnerability was found in the Lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode. This update corrects these issues and, in addition, makes Lynx always prompt the user before loading a lynxcgi: URI. As well, the default lynx.cfg configuration file marks all lynxcgi: URIs as untrusted.
6e7e3bc6097f70cd80a0acb4394a11415cfa5fa3bb16fc1b29d35794b961993a