Description
Security update for w3m
This update for w3m fixes the following issues:
- update to debian git version (bsc#1011293); addressed security issues:
  - CVE-2016-9622: w3m: null deref (bsc#1012021)
  - CVE-2016-9623: w3m: null deref (bsc#1012022)
  - CVE-2016-9624: w3m: near-null deref (bsc#1012023)
  - CVE-2016-9625: w3m: stack overflow (bsc#1012024)
  - CVE-2016-9626: w3m: stack overflow (bsc#1012025)
  - CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026)
  - CVE-2016-9628: w3m: null deref (bsc#1012027)
  - CVE-2016-9629: w3m: null deref (bsc#1012028)
  - CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029)
  - CVE-2016-9631: w3m: null deref (bsc#1012030)
  - CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031)
  - CVE-2016-9633: w3m: OOM (bsc#1012032)
  - CVE-2016-9434: w3m: null deref (bsc#1011283)
  - CVE-2016-9435: w3m: use uninit value (bsc#1011284)
  - CVE-2016-9436: w3m: use uninit value (bsc#1011285)
  - CVE-2016-9437: w3m: write to rodata (bsc#1011286)
  - CVE-2016-9438: w3m: null deref (bsc#1011287)
  - CVE-2016-9439: w3m: stack overflow (bsc#1011288)
  - CVE-2016-9440: w3m: near-null deref (bsc#1011289)
  - CVE-2016-9441: w3m: near-null deref (bsc#1011290)
  - CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291)
  - CVE-2016-9443: w3m: null deref (bsc#1011292)
Package list
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
References
- Link for SUSE-SU-2016:3053-1
- E-Mail link for SUSE-SU-2016:3053-1
- SUSE Security Ratings
- SUSE Bug 1011283
- SUSE Bug 1011284
- SUSE Bug 1011285
- SUSE Bug 1011286
- SUSE Bug 1011287
- SUSE Bug 1011288
- SUSE Bug 1011289
- SUSE Bug 1011290
- SUSE Bug 1011291
- SUSE Bug 1011292
- SUSE Bug 1011293
- SUSE Bug 1012021
- SUSE Bug 1012022
- SUSE Bug 1012023
- SUSE Bug 1012024
- SUSE Bug 1012025
- SUSE Bug 1012026
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9434
- SUSE Bug 1011283
- SUSE Bug 1011293
Description
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.
Affected products
References
- CVE-2016-9435
- SUSE Bug 1011284
- SUSE Bug 1011293
Description
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
Affected products
References
- CVE-2016-9436
- SUSE Bug 1011285
- SUSE Bug 1011293
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a crafted HTML page.
Affected products
References
- CVE-2016-9437
- SUSE Bug 1011286
- SUSE Bug 1011293
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9438
- SUSE Bug 1011287
- SUSE Bug 1011293
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
Affected products
References
- CVE-2016-9439
- SUSE Bug 1011288
- SUSE Bug 1011293
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9440
- SUSE Bug 1011289
- SUSE Bug 1011293
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9441
- SUSE Bug 1011290
- SUSE Bug 1011293
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page.
Affected products
References
- CVE-2016-9442
- SUSE Bug 1011291
- SUSE Bug 1011293
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9443
- SUSE Bug 1011292
- SUSE Bug 1011293
Description
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9429. Reason: This candidate is a reservation duplicate of CVE-2016-9429. Notes: All CVE users should reference CVE-2016-9429 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Affected products
References
- CVE-2016-9621
- SUSE Bug 1011278
- SUSE Bug 1011293
- SUSE Bug 1012020
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9622
- SUSE Bug 1011293
- SUSE Bug 1012021
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9623
- SUSE Bug 1011293
- SUSE Bug 1012022
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9624
- SUSE Bug 1011293
- SUSE Bug 1012023
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
Affected products
References
- CVE-2016-9625
- SUSE Bug 1011293
- SUSE Bug 1012024
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
Affected products
References
- CVE-2016-9626
- SUSE Bug 1011293
- SUSE Bug 1012025
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9627
- SUSE Bug 1011293
- SUSE Bug 1012026
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9628
- SUSE Bug 1011293
- SUSE Bug 1012027
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9629
- SUSE Bug 1011293
- SUSE Bug 1012028
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9630
- SUSE Bug 1011293
- SUSE Bug 1012029
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9631
- SUSE Bug 1011293
- SUSE Bug 1012030
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.
Affected products
References
- CVE-2016-9632
- SUSE Bug 1011293
- SUSE Bug 1012031
Description
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page.
Affected products
References
- CVE-2016-9633
- SUSE Bug 1011293
- SUSE Bug 1012032