OESA-2021-1326

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1326
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1326.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2021-1326
Upstream
Published
2021-08-28T11:03:09Z
Modified
2025-08-12T05:09:34.617597Z
Summary
lynx security update
Details

Lynx is a fully-featured World Wide Web (WWW) client for users running cursor-addressable, character-cell display devices such as vt100 terminals, vt100 emulators running on Windows 95/NT or Macintoshes, or any other character-cell display. It will display Hypertext Markup Language (HTML) documents containing links to files on the local system, as well as files on remote systems running http, gopher, ftp, wais, nntp, finger, or cso/ph/qi servers, and services accessible via logins to telnet, tn3270 or rlogin accounts. Current versions of Lynx run on Unix, VMS, Windows95 through Windows 8, 386DOS and OS/2 EMX.

Security Fix(es):

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.(CVE-2021-38165)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / lynx

Package

Name
lynx
Purl
pkg:rpm/openEuler/lynx&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.9-6.oe1

Ecosystem specific 

{
    "x86_64": [
        "lynx-debuginfo-2.8.9-6.oe1.x86_64.rpm",
        "lynx-2.8.9-6.oe1.x86_64.rpm",
        "lynx-debugsource-2.8.9-6.oe1.x86_64.rpm"
    ],
    "src": [
        "lynx-2.8.9-6.oe1.src.rpm"
    ],
    "noarch": [
        "lynx-help-2.8.9-6.oe1.noarch.rpm"
    ],
    "aarch64": [
        "lynx-2.8.9-6.oe1.aarch64.rpm",
        "lynx-debuginfo-2.8.9-6.oe1.aarch64.rpm",
        "lynx-debugsource-2.8.9-6.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP2 / lynx

Package

Name
lynx
Purl
pkg:rpm/openEuler/lynx&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.9-6.oe1

Ecosystem specific 

{
    "x86_64": [
        "lynx-2.8.9-6.oe1.x86_64.rpm",
        "lynx-debugsource-2.8.9-6.oe1.x86_64.rpm",
        "lynx-debuginfo-2.8.9-6.oe1.x86_64.rpm"
    ],
    "src": [
        "lynx-2.8.9-6.oe1.src.rpm"
    ],
    "noarch": [
        "lynx-help-2.8.9-6.oe1.noarch.rpm"
    ],
    "aarch64": [
        "lynx-2.8.9-6.oe1.aarch64.rpm",
        "lynx-debuginfo-2.8.9-6.oe1.aarch64.rpm",
        "lynx-debugsource-2.8.9-6.oe1.aarch64.rpm"
    ]
}