Description
ELSA-2010-0565: w3m security update (MODERATE)
[0.5.1-17]
- Resolves:rh#604861:Clear execstack requirement also for ia64 architecture
[0.5.1-16]
- Resolves:rh#604861:CVE-2010-2074 w3m: doesn't handle NULL in Common Name properly
Updated packages
Oracle Linux 5

Oracle Linux ia64
  w3m      0.5.1-17.el5_5
  w3m-img  0.5.1-17.el5_5

Oracle Linux x86_64
  w3m      0.5.1-17.el5_5
  w3m-img  0.5.1-17.el5_5

Oracle Linux i386
  w3m      0.5.1-17.el5_5
  w3m-img  0.5.1-17.el5_5
Related CVEs
Related vulnerabilities
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.