Ubuntu Update for Linux kernel vulnerabilities USN-1642-1

Please Install the Updated Packages.

Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user were tricked into opening a specially crafted page, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code as the user invoking the program. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-2810) It was discovered that Lynx did not properly verify that an HTTPS certificate was signed by a trusted certificate authority. This could allow an attacker to perform a &quot man in the middle&quot (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. This update changes the behavior of Lynx such that self-signed certificates no longer validate. Users requiring the previous behavior can use the 'FORCE_SSL_PROMPT' option in lynx.cfg. (CVE-2012-5821)

lynx-cur on Ubuntu 12.10 , Ubuntu 12.04 LTS , Ubuntu 11.10 , Ubuntu 10.04 LTS

• https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-November/001907.html

---

Updated on 2015-03-25