Описание
Security update for w3m
This update for w3m fixes the following security issues (bsc#1011293):
- CVE-2016-9622: w3m: null deref (bsc#1012021)
- CVE-2016-9623: w3m: null deref (bsc#1012022)
- CVE-2016-9624: w3m: near-null deref (bsc#1012023)
- CVE-2016-9625: w3m: stack overflow (bsc#1012024)
- CVE-2016-9626: w3m: stack overflow (bsc#1012025)
- CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026)
- CVE-2016-9628: w3m: null deref (bsc#1012027)
- CVE-2016-9629: w3m: null deref (bsc#1012028)
- CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029)
- CVE-2016-9631: w3m: null deref (bsc#1012030)
- CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031)
- CVE-2016-9633: w3m: OOM (bsc#1012032)
- CVE-2016-9434: w3m: null deref (bsc#1011283)
- CVE-2016-9435: w3m: use uninit value (bsc#1011284)
- CVE-2016-9436: w3m: use uninit value (bsc#1011285)
- CVE-2016-9437: w3m: write to rodata (bsc#1011286)
- CVE-2016-9438: w3m: null deref (bsc#1011287)
- CVE-2016-9439: w3m: stack overflow (bsc#1011288)
- CVE-2016-9440: w3m: near-null deref (bsc#1011289)
- CVE-2016-9441: w3m: near-null deref (bsc#1011290)
- CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291)
- CVE-2016-9443: w3m: null deref (bsc#1011292)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.1
openSUSE Leap 42.2
Ссылки
- E-Mail link for openSUSE-SU-2016:3121-1
- SUSE Security Ratings
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9434
- SUSE Bug 1011283
- SUSE Bug 1011293
Описание
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.
Затронутые продукты
Ссылки
- CVE-2016-9435
- SUSE Bug 1011284
- SUSE Bug 1011293
Описание
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
Затронутые продукты
Ссылки
- CVE-2016-9436
- SUSE Bug 1011285
- SUSE Bug 1011293
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9437
- SUSE Bug 1011286
- SUSE Bug 1011293
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9438
- SUSE Bug 1011287
- SUSE Bug 1011293
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9439
- SUSE Bug 1011288
- SUSE Bug 1011293
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9440
- SUSE Bug 1011289
- SUSE Bug 1011293
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9441
- SUSE Bug 1011290
- SUSE Bug 1011293
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9442
- SUSE Bug 1011291
- SUSE Bug 1011293
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9443
- SUSE Bug 1011292
- SUSE Bug 1011293
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9429. Reason: This candidate is a reservation duplicate of CVE-2016-9429. Notes: All CVE users should reference CVE-2016-9429 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Затронутые продукты
Ссылки
- CVE-2016-9621
- SUSE Bug 1011278
- SUSE Bug 1011293
- SUSE Bug 1012020
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9622
- SUSE Bug 1011293
- SUSE Bug 1012021
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9623
- SUSE Bug 1011293
- SUSE Bug 1012022
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9624
- SUSE Bug 1011293
- SUSE Bug 1012023
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9625
- SUSE Bug 1011293
- SUSE Bug 1012024
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9626
- SUSE Bug 1011293
- SUSE Bug 1012025
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9627
- SUSE Bug 1011293
- SUSE Bug 1012026
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9628
- SUSE Bug 1011293
- SUSE Bug 1012027
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9629
- SUSE Bug 1011293
- SUSE Bug 1012028
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9630
- SUSE Bug 1011293
- SUSE Bug 1012029
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9631
- SUSE Bug 1011293
- SUSE Bug 1012030
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9632
- SUSE Bug 1011293
- SUSE Bug 1012031
Описание
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-9633
- SUSE Bug 1011293
- SUSE Bug 1012032