[security-announce] openSUSE-SU-2019:2185-1: moderate: Security update for links
openSUSE Security Update: Security update for links ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:2185-1 Rating: moderate References: #1149886 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for links fixes the following issues: links was updated to 2.20.1: * libevent bug fixes links was updated to 2.20: * Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link elements with rel=dns-prefetch boo#1149886 * stability improvements * file urls support local hostnames * mouse support improvement * improve interaction with Google * Support the zstd compression algorithm * Use proper cookie expiry links was updated to 2.19: * Fixed a crash on invalidn IDN URLs * Make font selection possible via fontconfig * Show certificate authority in Document info box * Use international error messages * The -dump switch didn't report errors on stdout write links was updated to 2.18: * Automatically enable tor mode when the socks port is 9050 * When in tor mode, invert colors on top line and bottom line * Fix an incorrect shift in write_ev_queue * Fix runtime error sanitizer warning * Add a menu entry to save and load a clipboard * Don't synch with Xserver on every pixmap load * Fix "Network Options" bug that caused a timeout * Fix a possible integer overflow in decoder_memory_expand * Fix possible pointer arithmetics bug if os allocated few bytes * Add a button to never accept invalid certs for a given server * Fix incorrect strings -html-t-text-color * Add ascii replacement of Romanian S and T with comma * Fix a bug when IPv6 control connection to ftp server fails links was updated to 2.17: * Fix verifying SSL certificates for numeric IPv6 addresses * Delete the option -ftp.fast - it doesn't always work and ftp performance is not an issue anymore * Add bold and monospaced Turkish letter 'i' without a dot * On OS/2 allocate OpenSSL memory fro the lower heap. It fixes SSL on systems with old 16-bit TCP/IP stack * Fix IPv6 on OpenVMS Alpha * Support mouse scroll wheel in textarea * Delete the option -http-bugs.bug-302-redirect - RFC7231 allows the "buggy" behavior and defines new codes 307 and 308 that retain the post data * X11 - fixed colormap leak when creating a new window * Fixed an infinite loop that happened in graphics mode if the user clicked on OK in "Miscellaneous options" dialog and more than one windows were open. This bug was introduced in Links 2.15 * Support 6x6x6 RGB palette in 256-bit color mode on framebuffer * Implement dithering properly on OS/2 in 15-bit and 16-bit color mode. In 8-bit mode, Links may optionally use a private palette - it improves visual quality of Links images, but degrades visual quality of other concurrently running programs. * Improve scrolling smoothness when the user drags the whole document * On OS/2, allocate large memory blocks directly (not with malloc). It reduces memory waste * Fixed a bug that setting terminal title and resizing a terminal didn't work on OS/2 and Windows. The bug was introduced in Links 2.16 when shutting up coverity warnings * Set link color to yellow by default * Delete the option -http-bugs.bug-post-no-keepalive. It was needed in 1999 to avoid some bug in some http server and it is not needed anymore * Trust Content-Length on HTTP/1.0 redirect requests. This fixes hangs with misbehaving servers that honor Connection:keep-alive but send out HTTP/1.0 reply without Connection: keep-alive. Links thought that they don't support keep-alive and waited for the connection to close (for example http://www.raspberrypi.org) * Use keys 'H' and 'L' to select the top and bottom link on the current page links was updated to 2.16: * Improve handling of the DELETE key * Implement the bracketed paste mode * Fix various bugs found by coverity * Fix a crash in proxy authentication code * Fixed internal error "invalid set_handlers call" on framebuffer if links is suspend and terminate at the same time Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-2185=1 - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-2185=1 - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2019-2185=1 - openSUSE Backports SLE-15: zypper in -t patch openSUSE-2019-2185=1 Package List: - openSUSE Leap 15.1 (i586 x86_64): links-2.20.1-lp151.3.3.1 links-debuginfo-2.20.1-lp151.3.3.1 links-debugsource-2.20.1-lp151.3.3.1 - openSUSE Leap 15.0 (x86_64): links-2.20.1-lp150.2.3.1 links-debuginfo-2.20.1-lp150.2.3.1 links-debugsource-2.20.1-lp150.2.3.1 - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64): links-2.20.1-bp151.4.3.1 - openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64): links-2.20.1-bp150.2.3.1 links-debuginfo-2.20.1-bp150.2.3.1 links-debugsource-2.20.1-bp150.2.3.1 References: https://bugzilla.suse.com/1149886 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
participants (1)
-
opensuse-security@opensuse.org