Description
Security update for w3m
This update for w3m fixes the following issues:
- update to debian git version (bsc#1011293) addressed security issues:
  - CVE-2016-9621: w3m: global-buffer-overflow write (bsc#1012020)
  - CVE-2016-9622: w3m: null deref (bsc#1012021)
  - CVE-2016-9623: w3m: null deref (bsc#1012022)
  - CVE-2016-9624: w3m: near-null deref (bsc#1012023)
  - CVE-2016-9625: w3m: stack overflow (bsc#1012024)
  - CVE-2016-9626: w3m: stack overflow (bsc#1012025)
  - CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026)
  - CVE-2016-9628: w3m: null deref (bsc#1012027)
  - CVE-2016-9629: w3m: null deref (bsc#1012028)
  - CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029)
  - CVE-2016-9631: w3m: null deref (bsc#1012030)
  - CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031)
  - CVE-2016-9633: w3m: OOM (bsc#1012032)
  - CVE-2016-9434: w3m: null deref (bsc#1011283)
  - CVE-2016-9435: w3m: use uninit value (bsc#1011284)
  - CVE-2016-9436: w3m: use uninit value (bsc#1011285)
  - CVE-2016-9437: w3m: write to rodata (bsc#1011286)
  - CVE-2016-9438: w3m: null deref (bsc#1011287)
  - CVE-2016-9439: w3m: stack overflow (bsc#1011288)
  - CVE-2016-9440: w3m: near-null deref (bsc#1011289)
  - CVE-2016-9441: w3m: near-null deref (bsc#1011290)
  - CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291)
  - CVE-2016-9443: w3m: null deref (bsc#1011292)
Package list
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
References
- Link for SUSE-SU-2016:3046-1
- E-Mail link for SUSE-SU-2016:3046-1
- SUSE Security Ratings
- SUSE Bug 1011269
- SUSE Bug 1011270
- SUSE Bug 1011271
- SUSE Bug 1011272
- SUSE Bug 1011283
- SUSE Bug 1011284
- SUSE Bug 1011285
- SUSE Bug 1011286
- SUSE Bug 1011287
- SUSE Bug 1011288
- SUSE Bug 1011289
- SUSE Bug 1011290
- SUSE Bug 1011291
- SUSE Bug 1011292
- SUSE Bug 1011293
- SUSE Bug 1012020
- SUSE Bug 1012021
Description
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Affected products
References
- CVE-2010-2074
- SUSE Bug 609451
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn't properly validate the value of table span, which allows remote attackers to cause a denial of service (stack and/or heap buffer overflow) and possibly execute arbitrary code via a crafted HTML page.
Affected products
References
- CVE-2016-9422
- SUSE Bug 1011269
- SUSE Bug 1011293
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
Affected products
References
- CVE-2016-9423
- SUSE Bug 1011270
- SUSE Bug 1011293
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m doesn't properly validate the value of tag attribute, which allows remote attackers to cause a denial of service (heap buffer overflow crash) and possibly execute arbitrary code via a crafted HTML page.
Affected products
References
- CVE-2016-9424
- SUSE Bug 1011271
- SUSE Bug 1011293
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
Affected products
References
- CVE-2016-9425
- SUSE Bug 1011272
- SUSE Bug 1011293
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9434
- SUSE Bug 1011283
- SUSE Bug 1011293
Description
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.
Affected products
References
- CVE-2016-9435
- SUSE Bug 1011284
- SUSE Bug 1011293
Description
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
Affected products
References
- CVE-2016-9436
- SUSE Bug 1011285
- SUSE Bug 1011293
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a crafted HTML page.
Affected products
References
- CVE-2016-9437
- SUSE Bug 1011286
- SUSE Bug 1011293
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9438
- SUSE Bug 1011287
- SUSE Bug 1011293
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
Affected products
References
- CVE-2016-9439
- SUSE Bug 1011288
- SUSE Bug 1011293
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9440
- SUSE Bug 1011289
- SUSE Bug 1011293
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9441
- SUSE Bug 1011290
- SUSE Bug 1011293
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page.
Affected products
References
- CVE-2016-9442
- SUSE Bug 1011291
- SUSE Bug 1011293
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9443
- SUSE Bug 1011292
- SUSE Bug 1011293
Description
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9429. Reason: This candidate is a reservation duplicate of CVE-2016-9429. Notes: All CVE users should reference CVE-2016-9429 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Affected products
References
- CVE-2016-9621
- SUSE Bug 1011278
- SUSE Bug 1011293
- SUSE Bug 1012020
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9622
- SUSE Bug 1011293
- SUSE Bug 1012021
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9623
- SUSE Bug 1011293
- SUSE Bug 1012022
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9624
- SUSE Bug 1011293
- SUSE Bug 1012023
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
Affected products
References
- CVE-2016-9625
- SUSE Bug 1011293
- SUSE Bug 1012024
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
Affected products
References
- CVE-2016-9626
- SUSE Bug 1011293
- SUSE Bug 1012025
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9627
- SUSE Bug 1011293
- SUSE Bug 1012026
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9628
- SUSE Bug 1011293
- SUSE Bug 1012027
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9629
- SUSE Bug 1011293
- SUSE Bug 1012028
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9630
- SUSE Bug 1011293
- SUSE Bug 1012029
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9631
- SUSE Bug 1011293
- SUSE Bug 1012030
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9632
- SUSE Bug 1011293
- SUSE Bug 1012031
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page.
Affected products
References
- CVE-2016-9633
- SUSE Bug 1011293
- SUSE Bug 1012032