Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2007-2027 (GCVE-0-2007-2027)
Vulnerability from cvelistv5 – Published: 2007-04-13 18:00 – Updated: 2024-08-07 13:23
VLAI?
EPSS
Summary
Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Date Public ?
2007-04-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:50.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25550"
},
{
"name": "2007-0017",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0017/"
},
{
"name": "USN-457-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-457-1"
},
{
"name": "25198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25198"
},
{
"name": "ADV-2007-1686",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1686"
},
{
"name": "35668",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35668"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411"
},
{
"name": "oval:org.mitre.oval:def:9741",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741"
},
{
"name": "23844",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23844"
},
{
"name": "25169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25169"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789"
},
{
"name": "25255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25255"
},
{
"name": "GLSA-200706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-03.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \"../po\" directory, which can be leveraged to conduct format string attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25550"
},
{
"name": "2007-0017",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0017/"
},
{
"name": "USN-457-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-457-1"
},
{
"name": "25198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25198"
},
{
"name": "ADV-2007-1686",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1686"
},
{
"name": "35668",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35668"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411"
},
{
"name": "oval:org.mitre.oval:def:9741",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741"
},
{
"name": "23844",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23844"
},
{
"name": "25169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25169"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789"
},
{
"name": "25255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25255"
},
{
"name": "GLSA-200706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-03.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \"../po\" directory, which can be leveraged to conduct format string attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25550",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25550"
},
{
"name": "2007-0017",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0017/"
},
{
"name": "USN-457-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-457-1"
},
{
"name": "25198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25198"
},
{
"name": "ADV-2007-1686",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1686"
},
{
"name": "35668",
"refsource": "OSVDB",
"url": "http://osvdb.org/35668"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411"
},
{
"name": "oval:org.mitre.oval:def:9741",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741"
},
{
"name": "23844",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23844"
},
{
"name": "25169",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25169"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789"
},
{
"name": "25255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25255"
},
{
"name": "GLSA-200706-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200706-03.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2027",
"datePublished": "2007-04-13T18:00:00.000Z",
"dateReserved": "2007-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:23:50.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2007-2027",
"date": "2026-04-24",
"epss": "0.0024",
"percentile": "0.47268"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:elinks:elinks:0.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A59D584-A2D1-421B-BA8B-7EC4EC459B3F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \\\"../po\\\" directory, which can be leveraged to conduct format string attacks.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de ruta (path) de b\\u00fasqueda no confiable en la funci\\u00f3n add_filename_to_string en el archivo intl/gettext/loadmsgcat.c para Elinks versi\\u00f3n 0.11.1, permite a usuarios locales causar que Elinks use un cat\\u00e1logo de mensajes gettext no confiable (archivo .po) en un directorio \\\"../po\\\", que puede ser aprovechado para conducir ataques de cadena de formato.\"}]",
"evaluatorImpact": "An untrusted message catalog might lead to a format-string attack when an\r\nattacker tricks user into launching links from a particular directory.\r\n",
"id": "CVE-2007-2027",
"lastModified": "2024-11-21T00:29:43.753",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.4, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": true}]}",
"published": "2007-04-13T18:19:00.000",
"references": "[{\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/35668\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/25169\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/25198\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/25255\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/25550\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200706-03.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/23844\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.trustix.org/errata/2007/0017/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-457-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1686\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/35668\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25169\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/25198\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/25255\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/25550\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200706-03.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/23844\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.trustix.org/errata/2007/0017/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-457-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1686\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"This issue affected Red Hat Enterprise Linux 4 and 5. Update packages were released to correct it via: http://rhn.redhat.com/errata/RHSA-2009-1471.html\", \"lastModified\": \"2009-10-02T00:00:00\"}]",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-134\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2007-2027\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-04-13T18:19:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \\\"../po\\\" directory, which can be leveraged to conduct format string attacks.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de ruta (path) de b\u00fasqueda no confiable en la funci\u00f3n add_filename_to_string en el archivo intl/gettext/loadmsgcat.c para Elinks versi\u00f3n 0.11.1, permite a usuarios locales causar que Elinks use un cat\u00e1logo de mensajes gettext no confiable (archivo .po) en un directorio \\\"../po\\\", que puede ser aprovechado para conducir ataques de cadena de formato.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-134\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:elinks:elinks:0.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A59D584-A2D1-421B-BA8B-7EC4EC459B3F\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/35668\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25169\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25198\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25255\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25550\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200706-03.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/23844\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.trustix.org/errata/2007/0017/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-457-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1686\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/35668\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25169\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25198\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25255\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25550\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200706-03.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/23844\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.trustix.org/errata/2007/0017/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-457-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1686\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorImpact\":\"An untrusted message catalog might lead to a format-string attack when an\\r\\nattacker tricks user into launching links from a particular directory.\\r\\n\",\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"This issue affected Red Hat Enterprise Linux 4 and 5. Update packages were released to correct it via: http://rhn.redhat.com/errata/RHSA-2009-1471.html\",\"lastModified\":\"2009-10-02T00:00:00\"}]}}"
}
}
GHSA-4F5H-WCJ8-92W2
Vulnerability from github – Published: 2022-05-01 17:59 – Updated: 2025-04-09 03:40
VLAI?
Details
Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.
{
"affected": [],
"aliases": [
"CVE-2007-2027"
],
"database_specific": {
"cwe_ids": [
"CWE-134"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2007-04-13T18:19:00Z",
"severity": "MODERATE"
},
"details": "Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \"../po\" directory, which can be leveraged to conduct format string attacks.",
"id": "GHSA-4f5h-wcj8-92w2",
"modified": "2025-04-09T03:40:13Z",
"published": "2022-05-01T17:59:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2027"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789"
},
{
"type": "WEB",
"url": "http://osvdb.org/35668"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25169"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25198"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25255"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25550"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200706-03.xml"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/23844"
},
{
"type": "WEB",
"url": "http://www.trustix.org/errata/2007/0017"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-457-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/1686"
}
],
"schema_version": "1.4.0",
"severity": []
}
RHSA-2009_1471
Vulnerability from csaf_redhat - Published: 2009-10-01 17:10 - Updated: 2024-11-22 03:03Summary
Red Hat Security Advisory: elinks security update
Severity
Important
Notes
Topic: An updated elinks package that fixes two security issues is now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details: ELinks is a text-based Web browser. ELinks does not display any images, but
it does support frames, tables, and most other HTML tags.
An off-by-one buffer overflow flaw was discovered in the way ELinks handled
its internal cache of string representations for HTML special entities. A
remote attacker could use this flaw to create a specially-crafted HTML file
that would cause ELinks to crash or, possibly, execute arbitrary code when
rendered. (CVE-2008-7224)
It was discovered that ELinks tried to load translation files using
relative paths. A local attacker able to trick a victim into running ELinks
in a folder containing specially-crafted translation files could use this
flaw to confuse the victim via incorrect translations, or cause ELinks to
crash and possibly execute arbitrary code via embedded formatting sequences
in translated messages. (CVE-2007-2027)
All ELinks users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.
4.4 ()
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2009:1471
Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash) via a crafted link.
6.8 ()
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2009:1471
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated elinks package that fixes two security issues is now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "ELinks is a text-based Web browser. ELinks does not display any images, but\nit does support frames, tables, and most other HTML tags.\n\nAn off-by-one buffer overflow flaw was discovered in the way ELinks handled\nits internal cache of string representations for HTML special entities. A\nremote attacker could use this flaw to create a specially-crafted HTML file\nthat would cause ELinks to crash or, possibly, execute arbitrary code when\nrendered. (CVE-2008-7224)\n\nIt was discovered that ELinks tried to load translation files using\nrelative paths. A local attacker able to trick a victim into running ELinks\nin a folder containing specially-crafted translation files could use this\nflaw to confuse the victim via incorrect translations, or cause ELinks to\ncrash and possibly execute arbitrary code via embedded formatting sequences\nin translated messages. (CVE-2007-2027)\n\nAll ELinks users are advised to upgrade to this updated package, which\ncontains backported patches to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:1471",
"url": "https://access.redhat.com/errata/RHSA-2009:1471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "235411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=235411"
},
{
"category": "external",
"summary": "523258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=523258"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1471.json"
}
],
"title": "Red Hat Security Advisory: elinks security update",
"tracking": {
"current_release_date": "2024-11-22T03:03:10+00:00",
"generator": {
"date": "2024-11-22T03:03:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2009:1471",
"initial_release_date": "2009-10-01T17:10:00+00:00",
"revision_history": [
{
"date": "2009-10-01T17:10:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-10-01T13:26:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:03:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "elinks-0:0.9.2-4.el4_8.1.ia64",
"product": {
"name": "elinks-0:0.9.2-4.el4_8.1.ia64",
"product_id": "elinks-0:0.9.2-4.el4_8.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.9.2-4.el4_8.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"product": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"product_id": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.9.2-4.el4_8.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "elinks-0:0.11.1-6.el5_4.1.ia64",
"product": {
"name": "elinks-0:0.11.1-6.el5_4.1.ia64",
"product_id": "elinks-0:0.11.1-6.el5_4.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.11.1-6.el5_4.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"product": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"product_id": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.11.1-6.el5_4.1?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "elinks-0:0.9.2-4.el4_8.1.src",
"product": {
"name": "elinks-0:0.9.2-4.el4_8.1.src",
"product_id": "elinks-0:0.9.2-4.el4_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.9.2-4.el4_8.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "elinks-0:0.11.1-6.el5_4.1.src",
"product": {
"name": "elinks-0:0.11.1-6.el5_4.1.src",
"product_id": "elinks-0:0.11.1-6.el5_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.11.1-6.el5_4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "elinks-0:0.9.2-4.el4_8.1.x86_64",
"product": {
"name": "elinks-0:0.9.2-4.el4_8.1.x86_64",
"product_id": "elinks-0:0.9.2-4.el4_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.9.2-4.el4_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"product": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"product_id": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.9.2-4.el4_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "elinks-0:0.11.1-6.el5_4.1.x86_64",
"product": {
"name": "elinks-0:0.11.1-6.el5_4.1.x86_64",
"product_id": "elinks-0:0.11.1-6.el5_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.11.1-6.el5_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"product": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"product_id": "elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.11.1-6.el5_4.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "elinks-0:0.9.2-4.el4_8.1.i386",
"product": {
"name": "elinks-0:0.9.2-4.el4_8.1.i386",
"product_id": "elinks-0:0.9.2-4.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.9.2-4.el4_8.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"product": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"product_id": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.9.2-4.el4_8.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "elinks-0:0.11.1-6.el5_4.1.i386",
"product": {
"name": "elinks-0:0.11.1-6.el5_4.1.i386",
"product_id": "elinks-0:0.11.1-6.el5_4.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.11.1-6.el5_4.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"product": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"product_id": "elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.11.1-6.el5_4.1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "elinks-0:0.9.2-4.el4_8.1.ppc",
"product": {
"name": "elinks-0:0.9.2-4.el4_8.1.ppc",
"product_id": "elinks-0:0.9.2-4.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.9.2-4.el4_8.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"product": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"product_id": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.9.2-4.el4_8.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "elinks-0:0.11.1-6.el5_4.1.ppc",
"product": {
"name": "elinks-0:0.11.1-6.el5_4.1.ppc",
"product_id": "elinks-0:0.11.1-6.el5_4.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.11.1-6.el5_4.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"product": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"product_id": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.11.1-6.el5_4.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "elinks-0:0.9.2-4.el4_8.1.s390x",
"product": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390x",
"product_id": "elinks-0:0.9.2-4.el4_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.9.2-4.el4_8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"product": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"product_id": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.9.2-4.el4_8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "elinks-0:0.11.1-6.el5_4.1.s390x",
"product": {
"name": "elinks-0:0.11.1-6.el5_4.1.s390x",
"product_id": "elinks-0:0.11.1-6.el5_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.11.1-6.el5_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"product": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"product_id": "elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.11.1-6.el5_4.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "elinks-0:0.9.2-4.el4_8.1.s390",
"product": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390",
"product_id": "elinks-0:0.9.2-4.el4_8.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.9.2-4.el4_8.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"product": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"product_id": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.9.2-4.el4_8.1?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-0:0.9.2-4.el4_8.1.i386"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-0:0.9.2-4.el4_8.1.ia64"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-0:0.9.2-4.el4_8.1.ppc"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-0:0.9.2-4.el4_8.1.s390"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-0:0.9.2-4.el4_8.1.s390x"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-0:0.9.2-4.el4_8.1.src"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-0:0.9.2-4.el4_8.1.x86_64"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-0:0.9.2-4.el4_8.1.i386"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-0:0.9.2-4.el4_8.1.ia64"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-0:0.9.2-4.el4_8.1.ppc"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-0:0.9.2-4.el4_8.1.s390"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-0:0.9.2-4.el4_8.1.s390x"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-0:0.9.2-4.el4_8.1.src"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-0:0.9.2-4.el4_8.1.x86_64"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-0:0.9.2-4.el4_8.1.i386"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-0:0.9.2-4.el4_8.1.ia64"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-0:0.9.2-4.el4_8.1.ppc"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-0:0.9.2-4.el4_8.1.s390"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-0:0.9.2-4.el4_8.1.s390x"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-0:0.9.2-4.el4_8.1.src"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-0:0.9.2-4.el4_8.1.x86_64"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-0:0.9.2-4.el4_8.1.i386"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-0:0.9.2-4.el4_8.1.ia64"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-0:0.9.2-4.el4_8.1.ppc"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-0:0.9.2-4.el4_8.1.s390"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-0:0.9.2-4.el4_8.1.s390x"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-0:0.9.2-4.el4_8.1.src"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-0:0.9.2-4.el4_8.1.x86_64"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-0:0.11.1-6.el5_4.1.i386"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-0:0.11.1-6.el5_4.1.ia64"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-0:0.11.1-6.el5_4.1.ppc"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-0:0.11.1-6.el5_4.1.s390x"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-0:0.11.1-6.el5_4.1.src"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-0:0.11.1-6.el5_4.1.x86_64"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-0:0.11.1-6.el5_4.1.i386"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-0:0.11.1-6.el5_4.1.ia64"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-0:0.11.1-6.el5_4.1.ppc"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-0:0.11.1-6.el5_4.1.s390x"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-0:0.11.1-6.el5_4.1.src"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-0:0.11.1-6.el5_4.1.x86_64"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-2027",
"discovery_date": "2007-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "235411"
}
],
"notes": [
{
"category": "description",
"text": "Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \"../po\" directory, which can be leveraged to conduct format string attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elinks tries to load .po files from a non-absolute path",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:elinks-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-0:0.9.2-4.el4_8.1.src",
"4AS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.src",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-0:0.9.2-4.el4_8.1.src",
"4ES:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-0:0.9.2-4.el4_8.1.src",
"4WS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"5Client:elinks-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-0:0.11.1-6.el5_4.1.src",
"5Client:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-0:0.11.1-6.el5_4.1.src",
"5Server:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-2027"
},
{
"category": "external",
"summary": "RHBZ#235411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=235411"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-2027",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2027"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2027",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2027"
}
],
"release_date": "2007-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-10-01T17:10:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:elinks-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-0:0.9.2-4.el4_8.1.src",
"4AS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.src",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-0:0.9.2-4.el4_8.1.src",
"4ES:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-0:0.9.2-4.el4_8.1.src",
"4WS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"5Client:elinks-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-0:0.11.1-6.el5_4.1.src",
"5Client:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-0:0.11.1-6.el5_4.1.src",
"5Server:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1471"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:elinks-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-0:0.9.2-4.el4_8.1.src",
"4AS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.src",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-0:0.9.2-4.el4_8.1.src",
"4ES:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-0:0.9.2-4.el4_8.1.src",
"4WS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"5Client:elinks-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-0:0.11.1-6.el5_4.1.src",
"5Client:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-0:0.11.1-6.el5_4.1.src",
"5Server:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elinks tries to load .po files from a non-absolute path"
},
{
"cve": "CVE-2008-7224",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2009-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "523258"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash) via a crafted link.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elinks: entity_cache static array buffer overflow (off-by-one)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:elinks-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-0:0.9.2-4.el4_8.1.src",
"4AS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.src",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-0:0.9.2-4.el4_8.1.src",
"4ES:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-0:0.9.2-4.el4_8.1.src",
"4WS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"5Client:elinks-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-0:0.11.1-6.el5_4.1.src",
"5Client:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-0:0.11.1-6.el5_4.1.src",
"5Server:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-7224"
},
{
"category": "external",
"summary": "RHBZ#523258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=523258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-7224",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-7224"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-7224",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-7224"
}
],
"release_date": "2006-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-10-01T17:10:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:elinks-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-0:0.9.2-4.el4_8.1.src",
"4AS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.src",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-0:0.9.2-4.el4_8.1.src",
"4ES:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-0:0.9.2-4.el4_8.1.src",
"4WS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"5Client:elinks-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-0:0.11.1-6.el5_4.1.src",
"5Client:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-0:0.11.1-6.el5_4.1.src",
"5Server:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1471"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:elinks-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-0:0.9.2-4.el4_8.1.src",
"4AS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.src",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-0:0.9.2-4.el4_8.1.src",
"4ES:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-0:0.9.2-4.el4_8.1.src",
"4WS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"5Client:elinks-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-0:0.11.1-6.el5_4.1.src",
"5Client:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-0:0.11.1-6.el5_4.1.src",
"5Server:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "elinks: entity_cache static array buffer overflow (off-by-one)"
}
]
}
RHSA-2009:1471
Vulnerability from csaf_redhat - Published: 2009-10-01 17:10 - Updated: 2025-11-21 17:35Summary
Red Hat Security Advisory: elinks security update
Severity
Important
Notes
Topic: An updated elinks package that fixes two security issues is now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details: ELinks is a text-based Web browser. ELinks does not display any images, but
it does support frames, tables, and most other HTML tags.
An off-by-one buffer overflow flaw was discovered in the way ELinks handled
its internal cache of string representations for HTML special entities. A
remote attacker could use this flaw to create a specially-crafted HTML file
that would cause ELinks to crash or, possibly, execute arbitrary code when
rendered. (CVE-2008-7224)
It was discovered that ELinks tried to load translation files using
relative paths. A local attacker able to trick a victim into running ELinks
in a folder containing specially-crafted translation files could use this
flaw to confuse the victim via incorrect translations, or cause ELinks to
crash and possibly execute arbitrary code via embedded formatting sequences
in translated messages. (CVE-2007-2027)
All ELinks users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.
4.4 ()
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2009:1471
Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash) via a crafted link.
6.8 ()
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2009:1471
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated elinks package that fixes two security issues is now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "ELinks is a text-based Web browser. ELinks does not display any images, but\nit does support frames, tables, and most other HTML tags.\n\nAn off-by-one buffer overflow flaw was discovered in the way ELinks handled\nits internal cache of string representations for HTML special entities. A\nremote attacker could use this flaw to create a specially-crafted HTML file\nthat would cause ELinks to crash or, possibly, execute arbitrary code when\nrendered. (CVE-2008-7224)\n\nIt was discovered that ELinks tried to load translation files using\nrelative paths. A local attacker able to trick a victim into running ELinks\nin a folder containing specially-crafted translation files could use this\nflaw to confuse the victim via incorrect translations, or cause ELinks to\ncrash and possibly execute arbitrary code via embedded formatting sequences\nin translated messages. (CVE-2007-2027)\n\nAll ELinks users are advised to upgrade to this updated package, which\ncontains backported patches to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:1471",
"url": "https://access.redhat.com/errata/RHSA-2009:1471"
},
{
"category": "external",
"summary": "235411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=235411"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "523258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=523258"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1471.json"
}
],
"title": "Red Hat Security Advisory: elinks security update",
"tracking": {
"current_release_date": "2025-11-21T17:35:16+00:00",
"generator": {
"date": "2025-11-21T17:35:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2009:1471",
"initial_release_date": "2009-10-01T17:10:00+00:00",
"revision_history": [
{
"date": "2009-10-01T17:10:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-10-01T13:26:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:35:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "elinks-0:0.9.2-4.el4_8.1.ia64",
"product": {
"name": "elinks-0:0.9.2-4.el4_8.1.ia64",
"product_id": "elinks-0:0.9.2-4.el4_8.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.9.2-4.el4_8.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"product": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"product_id": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.9.2-4.el4_8.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "elinks-0:0.11.1-6.el5_4.1.ia64",
"product": {
"name": "elinks-0:0.11.1-6.el5_4.1.ia64",
"product_id": "elinks-0:0.11.1-6.el5_4.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.11.1-6.el5_4.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"product": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"product_id": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.11.1-6.el5_4.1?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "elinks-0:0.9.2-4.el4_8.1.src",
"product": {
"name": "elinks-0:0.9.2-4.el4_8.1.src",
"product_id": "elinks-0:0.9.2-4.el4_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.9.2-4.el4_8.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "elinks-0:0.11.1-6.el5_4.1.src",
"product": {
"name": "elinks-0:0.11.1-6.el5_4.1.src",
"product_id": "elinks-0:0.11.1-6.el5_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.11.1-6.el5_4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "elinks-0:0.9.2-4.el4_8.1.x86_64",
"product": {
"name": "elinks-0:0.9.2-4.el4_8.1.x86_64",
"product_id": "elinks-0:0.9.2-4.el4_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.9.2-4.el4_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"product": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"product_id": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.9.2-4.el4_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "elinks-0:0.11.1-6.el5_4.1.x86_64",
"product": {
"name": "elinks-0:0.11.1-6.el5_4.1.x86_64",
"product_id": "elinks-0:0.11.1-6.el5_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.11.1-6.el5_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"product": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"product_id": "elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.11.1-6.el5_4.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "elinks-0:0.9.2-4.el4_8.1.i386",
"product": {
"name": "elinks-0:0.9.2-4.el4_8.1.i386",
"product_id": "elinks-0:0.9.2-4.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.9.2-4.el4_8.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"product": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"product_id": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.9.2-4.el4_8.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "elinks-0:0.11.1-6.el5_4.1.i386",
"product": {
"name": "elinks-0:0.11.1-6.el5_4.1.i386",
"product_id": "elinks-0:0.11.1-6.el5_4.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.11.1-6.el5_4.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"product": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"product_id": "elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.11.1-6.el5_4.1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "elinks-0:0.9.2-4.el4_8.1.ppc",
"product": {
"name": "elinks-0:0.9.2-4.el4_8.1.ppc",
"product_id": "elinks-0:0.9.2-4.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.9.2-4.el4_8.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"product": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"product_id": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.9.2-4.el4_8.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "elinks-0:0.11.1-6.el5_4.1.ppc",
"product": {
"name": "elinks-0:0.11.1-6.el5_4.1.ppc",
"product_id": "elinks-0:0.11.1-6.el5_4.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.11.1-6.el5_4.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"product": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"product_id": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.11.1-6.el5_4.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "elinks-0:0.9.2-4.el4_8.1.s390x",
"product": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390x",
"product_id": "elinks-0:0.9.2-4.el4_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.9.2-4.el4_8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"product": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"product_id": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.9.2-4.el4_8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "elinks-0:0.11.1-6.el5_4.1.s390x",
"product": {
"name": "elinks-0:0.11.1-6.el5_4.1.s390x",
"product_id": "elinks-0:0.11.1-6.el5_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.11.1-6.el5_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"product": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"product_id": "elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.11.1-6.el5_4.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "elinks-0:0.9.2-4.el4_8.1.s390",
"product": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390",
"product_id": "elinks-0:0.9.2-4.el4_8.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks@0.9.2-4.el4_8.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"product": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"product_id": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/elinks-debuginfo@0.9.2-4.el4_8.1?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-0:0.9.2-4.el4_8.1.i386"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-0:0.9.2-4.el4_8.1.ia64"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-0:0.9.2-4.el4_8.1.ppc"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-0:0.9.2-4.el4_8.1.s390"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-0:0.9.2-4.el4_8.1.s390x"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-0:0.9.2-4.el4_8.1.src"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-0:0.9.2-4.el4_8.1.x86_64"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-0:0.9.2-4.el4_8.1.i386"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-0:0.9.2-4.el4_8.1.ia64"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-0:0.9.2-4.el4_8.1.ppc"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-0:0.9.2-4.el4_8.1.s390"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-0:0.9.2-4.el4_8.1.s390x"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-0:0.9.2-4.el4_8.1.src"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-0:0.9.2-4.el4_8.1.x86_64"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-0:0.9.2-4.el4_8.1.i386"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-0:0.9.2-4.el4_8.1.ia64"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-0:0.9.2-4.el4_8.1.ppc"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-0:0.9.2-4.el4_8.1.s390"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-0:0.9.2-4.el4_8.1.s390x"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-0:0.9.2-4.el4_8.1.src"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-0:0.9.2-4.el4_8.1.x86_64"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-0:0.9.2-4.el4_8.1.i386"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-0:0.9.2-4.el4_8.1.ia64"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-0:0.9.2-4.el4_8.1.ppc"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-0:0.9.2-4.el4_8.1.s390"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-0:0.9.2-4.el4_8.1.s390x"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-0:0.9.2-4.el4_8.1.src"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.9.2-4.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-0:0.9.2-4.el4_8.1.x86_64"
},
"product_reference": "elinks-0:0.9.2-4.el4_8.1.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64"
},
"product_reference": "elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-0:0.11.1-6.el5_4.1.i386"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-0:0.11.1-6.el5_4.1.ia64"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-0:0.11.1-6.el5_4.1.ppc"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-0:0.11.1-6.el5_4.1.s390x"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-0:0.11.1-6.el5_4.1.src"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-0:0.11.1-6.el5_4.1.x86_64"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-0:0.11.1-6.el5_4.1.i386"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-0:0.11.1-6.el5_4.1.ia64"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-0:0.11.1-6.el5_4.1.ppc"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-0:0.11.1-6.el5_4.1.s390x"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-0:0.11.1-6.el5_4.1.src"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-0:0.11.1-6.el5_4.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-0:0.11.1-6.el5_4.1.x86_64"
},
"product_reference": "elinks-0:0.11.1-6.el5_4.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64"
},
"product_reference": "elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-2027",
"discovery_date": "2007-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "235411"
}
],
"notes": [
{
"category": "description",
"text": "Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \"../po\" directory, which can be leveraged to conduct format string attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elinks tries to load .po files from a non-absolute path",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:elinks-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-0:0.9.2-4.el4_8.1.src",
"4AS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.src",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-0:0.9.2-4.el4_8.1.src",
"4ES:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-0:0.9.2-4.el4_8.1.src",
"4WS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"5Client:elinks-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-0:0.11.1-6.el5_4.1.src",
"5Client:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-0:0.11.1-6.el5_4.1.src",
"5Server:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-2027"
},
{
"category": "external",
"summary": "RHBZ#235411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=235411"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-2027",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2027"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2027",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2027"
}
],
"release_date": "2007-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-10-01T17:10:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:elinks-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-0:0.9.2-4.el4_8.1.src",
"4AS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.src",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-0:0.9.2-4.el4_8.1.src",
"4ES:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-0:0.9.2-4.el4_8.1.src",
"4WS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"5Client:elinks-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-0:0.11.1-6.el5_4.1.src",
"5Client:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-0:0.11.1-6.el5_4.1.src",
"5Server:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1471"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:elinks-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-0:0.9.2-4.el4_8.1.src",
"4AS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.src",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-0:0.9.2-4.el4_8.1.src",
"4ES:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-0:0.9.2-4.el4_8.1.src",
"4WS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"5Client:elinks-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-0:0.11.1-6.el5_4.1.src",
"5Client:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-0:0.11.1-6.el5_4.1.src",
"5Server:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "elinks tries to load .po files from a non-absolute path"
},
{
"cve": "CVE-2008-7224",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2009-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "523258"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash) via a crafted link.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elinks: entity_cache static array buffer overflow (off-by-one)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:elinks-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-0:0.9.2-4.el4_8.1.src",
"4AS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.src",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-0:0.9.2-4.el4_8.1.src",
"4ES:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-0:0.9.2-4.el4_8.1.src",
"4WS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"5Client:elinks-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-0:0.11.1-6.el5_4.1.src",
"5Client:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-0:0.11.1-6.el5_4.1.src",
"5Server:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-7224"
},
{
"category": "external",
"summary": "RHBZ#523258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=523258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-7224",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-7224"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-7224",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-7224"
}
],
"release_date": "2006-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-10-01T17:10:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:elinks-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-0:0.9.2-4.el4_8.1.src",
"4AS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.src",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-0:0.9.2-4.el4_8.1.src",
"4ES:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-0:0.9.2-4.el4_8.1.src",
"4WS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"5Client:elinks-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-0:0.11.1-6.el5_4.1.src",
"5Client:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-0:0.11.1-6.el5_4.1.src",
"5Server:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1471"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:elinks-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-0:0.9.2-4.el4_8.1.src",
"4AS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4AS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.src",
"4Desktop:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4Desktop:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-0:0.9.2-4.el4_8.1.src",
"4ES:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4ES:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-0:0.9.2-4.el4_8.1.src",
"4WS:elinks-0:0.9.2-4.el4_8.1.x86_64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.i386",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ia64",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.ppc",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.s390x",
"4WS:elinks-debuginfo-0:0.9.2-4.el4_8.1.x86_64",
"5Client:elinks-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-0:0.11.1-6.el5_4.1.src",
"5Client:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Client:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-0:0.11.1-6.el5_4.1.src",
"5Server:elinks-0:0.11.1-6.el5_4.1.x86_64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.i386",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ia64",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.ppc",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.s390x",
"5Server:elinks-debuginfo-0:0.11.1-6.el5_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "elinks: entity_cache static array buffer overflow (off-by-one)"
}
]
}
GSD-2007-2027
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2007-2027",
"description": "Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \"../po\" directory, which can be leveraged to conduct format string attacks.",
"id": "GSD-2007-2027",
"references": [
"https://access.redhat.com/errata/RHSA-2009:1471",
"https://linux.oracle.com/cve/CVE-2007-2027.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2007-2027"
],
"details": "Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \"../po\" directory, which can be leveraged to conduct format string attacks.",
"id": "GSD-2007-2027",
"modified": "2023-12-13T01:21:37.536493Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \"../po\" directory, which can be leveraged to conduct format string attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25550",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25550"
},
{
"name": "2007-0017",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0017/"
},
{
"name": "USN-457-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-457-1"
},
{
"name": "25198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25198"
},
{
"name": "ADV-2007-1686",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1686"
},
{
"name": "35668",
"refsource": "OSVDB",
"url": "http://osvdb.org/35668"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411"
},
{
"name": "oval:org.mitre.oval:def:9741",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741"
},
{
"name": "23844",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23844"
},
{
"name": "25169",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25169"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789"
},
{
"name": "25255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25255"
},
{
"name": "GLSA-200706-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200706-03.xml"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:elinks:elinks:0.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2027"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \"../po\" directory, which can be leveraged to conduct format string attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789",
"refsource": "CONFIRM",
"tags": [],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789"
},
{
"name": "USN-457-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/usn-457-1"
},
{
"name": "23844",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/23844"
},
{
"name": "25169",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25169"
},
{
"name": "25198",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25198"
},
{
"name": "2007-0017",
"refsource": "TRUSTIX",
"tags": [],
"url": "http://www.trustix.org/errata/2007/0017/"
},
{
"name": "25255",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25255"
},
{
"name": "GLSA-200706-03",
"refsource": "GENTOO",
"tags": [],
"url": "http://security.gentoo.org/glsa/glsa-200706-03.xml"
},
{
"name": "25550",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25550"
},
{
"name": "35668",
"refsource": "OSVDB",
"tags": [],
"url": "http://osvdb.org/35668"
},
{
"name": "ADV-2007-1686",
"refsource": "VUPEN",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1686"
},
{
"name": "oval:org.mitre.oval:def:9741",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2017-10-11T01:32Z",
"publishedDate": "2007-04-13T18:19Z"
}
}
}
FKIE_CVE-2007-2027
Vulnerability from fkie_nvd - Published: 2007-04-13 18:19 - Updated: 2026-04-23 00:35
Severity ?
Summary
Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789 | ||
| cve@mitre.org | http://osvdb.org/35668 | ||
| cve@mitre.org | http://secunia.com/advisories/25169 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/25198 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/25255 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/25550 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200706-03.xml | ||
| cve@mitre.org | http://www.securityfocus.com/bid/23844 | ||
| cve@mitre.org | http://www.trustix.org/errata/2007/0017/ | ||
| cve@mitre.org | http://www.ubuntu.com/usn/usn-457-1 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/1686 | Vendor Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411 | Exploit, Vendor Advisory | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/35668 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25169 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25198 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25255 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25550 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200706-03.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/23844 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.trustix.org/errata/2007/0017/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-457-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1686 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:elinks:elinks:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A59D584-A2D1-421B-BA8B-7EC4EC459B3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \"../po\" directory, which can be leveraged to conduct format string attacks."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ruta (path) de b\u00fasqueda no confiable en la funci\u00f3n add_filename_to_string en el archivo intl/gettext/loadmsgcat.c para Elinks versi\u00f3n 0.11.1, permite a usuarios locales causar que Elinks use un cat\u00e1logo de mensajes gettext no confiable (archivo .po) en un directorio \"../po\", que puede ser aprovechado para conducir ataques de cadena de formato."
}
],
"evaluatorImpact": "An untrusted message catalog might lead to a format-string attack when an\r\nattacker tricks user into launching links from a particular directory.\r\n",
"id": "CVE-2007-2027",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-04-13T18:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35668"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25169"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25198"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25255"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25550"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200706-03.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23844"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2007/0017/"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-457-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1686"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200706-03.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2007/0017/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-457-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9741"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue affected Red Hat Enterprise Linux 4 and 5. Update packages were released to correct it via: http://rhn.redhat.com/errata/RHSA-2009-1471.html",
"lastModified": "2009-10-02T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…