Date: Thu, 16 Mar 2000 17:30:19 +0900 From: kjm@rins.ryukoku.ac.jp (KOJIMA Hajime) To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx Message-ID: <92790.953195419@ideon.st.ryukoku.ac.jp> In-Reply-To: Your message of "Wed, 15 Mar 2000 09:34:43 PST" References: <20000315173443.F231737BA56@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In <20000315173443.F231737BA56@hub.freebsd.org>,
FreeBSD Security Officer wrote:
| FreeBSD-SA-00:08 Security Advisory
...
| Topic: Lynx ports contain numerous buffer overflows
...
| II. Problem Description
|
| The lynx software is written in a very insecure style and contains numerous
| potential and several proven security vulnerabilities (publicized on the
| BugTraq mailing list) exploitable by a malicious server.
|
| The lynx ports are not installed by default, nor are they "part of FreeBSD"
| as such: they are part of the FreeBSD ports collection, which contains over
| 3100 third-party applications in a ready-to-install format.
But, /stand/sysinstall still use lynx as default text browser.
If you want to read HTML documents in sysinstall, /stand/sysinstall
will go to install lynx package automatically (and it will fail in
4.0-RELEASE).
---- from release/sysinstall/install.c revision 1.268:
variable_set2(VAR_BROWSER_PACKAGE, "lynx", 0);
variable_set2(VAR_BROWSER_BINARY, "/usr/local/bin/lynx", 0);
----
----
KOJIMA Hajime - Ryukoku University, Seta, Ootsu, Shiga, 520-2194 Japan
[Office] kjm@rins.ryukoku.ac.jp, http://www.st.ryukoku.ac.jp/~kjm/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?92790.953195419>