Elinks - Red Hat ENTERPRISE LINUX 5.5 - TECHNICAL NOTES Manual

Chapter 1. Package Updates
ELILO is a Linux boot loader for Extensible Firmware Interface (EFI)-based systems, such as those
running an Itanium CPU.RHSA-2009:1341
This update add the following enhancement:
* previously ELILO's boot manager, efibootmgr, returned only two error codes: "0" for success and
"1" for failure. There are multiple reasons for the boot manager to fail, however, and diagnosing such
failures was difficult with only one all-purpose error code. This update adds validation checks and error
messages to identify boot manager failures depending upon the error condition encountered. Error
messages now returned when efibootmgr fails include "partition is not valid"; "Failed to open extra
arguments"; "Invalid hex characters in boot order" and others.
All elilo users should upgrade to this updated package, which adds this feature.

1.46. elinks

1.46.1. RHSA-2009:1471: Important security update
Important
This update has already been released (prior to the GA of this release) as the security
RHSA-2009:1471
errata
An updated elinks package that fixes two security issues is now available for Red Hat Enterprise Linux
4 and 5.
This update has been rated as having important security impact by the Red Hat Security Response
Team.
ELinks is a text-based Web browser. ELinks does not display any images, but it does support frames,
tables, and most other HTML tags.
An off-by-one buffer overflow flaw was discovered in the way ELinks handled its internal cache of
string representations for HTML special entities. A remote attacker could use this flaw to create a
specially-crafted HTML file that would cause ELinks to crash or, possibly, execute arbitrary code when
rendered. (CVE-2008-7224
It was discovered that ELinks tried to load translation files using relative paths. A local attacker able
to trick a victim into running ELinks in a folder containing specially-crafted translation files could use
this flaw to confuse the victim via incorrect translations, or cause ELinks to crash and possibly execute
arbitrary code via embedded formatting sequences in translated messages.
All ELinks users are advised to upgrade to this updated package, which contains backported patches
to resolve these issues.
323
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250327
325
https://www.redhat.com/security/data/cve/CVE-2008-7224.html
326
https://www.redhat.com/security/data/cve/CVE-2007-2027.html
50
324
325
)
323
(BZ#250327 )
(CVE-2007-2027
326
)