Описание
Security update for w3m
This update for w3m fixes the following issues:
- CVE-2022-38223: Fixed a memory safety issue when dumping crafted input to standard out (bsc#1202684).
Список пакетов
Image SLES12-SP5-Azure-SAP-BYOS
w3m-0.5.3.git20161120-161.6.1
Image SLES12-SP5-Azure-SAP-On-Demand
w3m-0.5.3.git20161120-161.6.1
Image SLES12-SP5-EC2-SAP-BYOS
w3m-0.5.3.git20161120-161.6.1
Image SLES12-SP5-EC2-SAP-On-Demand
w3m-0.5.3.git20161120-161.6.1
Image SLES12-SP5-GCE-SAP-BYOS
w3m-0.5.3.git20161120-161.6.1
Image SLES12-SP5-GCE-SAP-On-Demand
w3m-0.5.3.git20161120-161.6.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
w3m-0.5.3.git20161120-161.6.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
w3m-0.5.3.git20161120-161.6.1
SUSE Linux Enterprise Server 12 SP5
w3m-0.5.3.git20161120-161.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
w3m-0.5.3.git20161120-161.6.1
Ссылки
- Link for SUSE-SU-2023:0066-1
- E-Mail link for SUSE-SU-2023:0066-1
- SUSE Security Ratings
- SUSE Bug 1202684
- SUSE CVE CVE-2022-38223 page
Описание
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
Затронутые продукты
Image SLES12-SP5-Azure-SAP-BYOS:w3m-0.5.3.git20161120-161.6.1
Image SLES12-SP5-Azure-SAP-On-Demand:w3m-0.5.3.git20161120-161.6.1
Image SLES12-SP5-EC2-SAP-BYOS:w3m-0.5.3.git20161120-161.6.1
Image SLES12-SP5-EC2-SAP-On-Demand:w3m-0.5.3.git20161120-161.6.1
Ссылки
- CVE-2022-38223
- SUSE Bug 1202684
- SUSE Bug 1218226