Synopsis:	Important: elinks security update
Issue date:	2009-10-01
CVE Names:	CVE-2007-2027 CVE-2008-7224

CVE-2007-2027 elinks tries to load .po files from a non-absolute path
CVE-2008-7224 elinks: entity_cache static array buffer overflow (off-by-one)

An off-by-one buffer overflow flaw was discovered in the way ELinks 
handled its internal cache of string representations for HTML special 
entities. A remote attacker could use this flaw to create a 
specially-crafted HTML file that would cause ELinks to crash or, 
possibly, execute arbitrary code when rendered. (CVE-2008-7224)

It was discovered that ELinks tried to load translation files using
relative paths. A local attacker able to trick a victim into running 
ELinks in a folder containing specially-crafted translation files could 
use this flaw to confuse the victim via incorrect translations, or cause 
ELinks to crash and possibly execute arbitrary code via embedded 
formatting sequences in translated messages. (CVE-2007-2027)


SL 4.x

      SRPMS:
elinks-0.9.2-4.el4_8.1.src.rpm
      i386:
elinks-0.9.2-4.el4_8.1.i386.rpm
      x86_64:
elinks-0.9.2-4.el4_8.1.x86_64.rpm

SL 5.x

      SRPMS:
elinks-0.11.1-6.el5_4.1.src.rpm
      i386:
elinks-0.11.1-6.el5_4.1.i386.rpm
      x86_64:
elinks-0.11.1-6.el5_4.1.x86_64.rpm

-Connie Sieh
-Troy Dawson