Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:4439-1

Опубликовано: 14 нояб. 2023
Источник: suse-cvrf

Описание

Security update for w3m

This update for w3m fixes the following issues:

  • Update to version 0.5.3+git20230121
  • CVE-2023-38252: Fixed an out-of-bounds write in function Strnew_size that allows attackers to cause a denial of service via a crafted HTML file. (bsc#1213324)
  • CVE-2023-38253: Fixed an out-of-bounds write in function growbuf_to_Str that allows attackers to cause a denial of service via a crafted HTML file. (bsc#1213323)

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP4
w3m-0.5.3+git20230121-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
w3m-0.5.3+git20230121-150000.3.6.1
openSUSE Leap 15.4
w3m-0.5.3+git20230121-150000.3.6.1
w3m-inline-image-0.5.3+git20230121-150000.3.6.1
openSUSE Leap 15.5
w3m-0.5.3+git20230121-150000.3.6.1
w3m-inline-image-0.5.3+git20230121-150000.3.6.1

Ссылки

Описание

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP4:w3m-0.5.3+git20230121-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP5:w3m-0.5.3+git20230121-150000.3.6.1
openSUSE Leap 15.4:w3m-0.5.3+git20230121-150000.3.6.1
openSUSE Leap 15.4:w3m-inline-image-0.5.3+git20230121-150000.3.6.1
Ссылки

Описание

An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP4:w3m-0.5.3+git20230121-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP5:w3m-0.5.3+git20230121-150000.3.6.1
openSUSE Leap 15.4:w3m-0.5.3+git20230121-150000.3.6.1
openSUSE Leap 15.4:w3m-inline-image-0.5.3+git20230121-150000.3.6.1
Ссылки