Описание
Security update for w3m
This update for w3m fixes the following issues:
- CVE-2022-38223: Fixed a memory safety issue when dumping crafted input to standard out (bsc#1202684).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP4
w3m-0.5.3+git20180125-150000.3.3.1
SUSE Linux Enterprise Real Time 15 SP3
w3m-0.5.3+git20180125-150000.3.3.1
openSUSE Leap 15.4
w3m-0.5.3+git20180125-150000.3.3.1
w3m-inline-image-0.5.3+git20180125-150000.3.3.1
Ссылки
- Link for SUSE-SU-2023:0065-1
- E-Mail link for SUSE-SU-2023:0065-1
- SUSE Security Ratings
- SUSE Bug 1202684
- SUSE CVE CVE-2022-38223 page
Описание
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP4:w3m-0.5.3+git20180125-150000.3.3.1
SUSE Linux Enterprise Real Time 15 SP3:w3m-0.5.3+git20180125-150000.3.3.1
openSUSE Leap 15.4:w3m-0.5.3+git20180125-150000.3.3.1
openSUSE Leap 15.4:w3m-inline-image-0.5.3+git20180125-150000.3.3.1
Ссылки
- CVE-2022-38223
- SUSE Bug 1202684
- SUSE Bug 1218226