Security: Multiple issues in w3m
Name: Multiple issues in w3m
ID: FEDORA-2017-2e6b693937
Distribution: Fedora
Platforms: Fedora 25
Date: Tue, 14 March 2017, 07:52
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9633
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9631

Original message

Name : w3m
Product : Fedora 25
Version : 0.5.3
Release : 30.git20170102.fc25
URL : http://w3m.sourceforge.net/
Summary : A pager with Web browsing abilities
Description :
The w3m program is a pager (or text file viewer) that can also be used
as a text-mode Web browser. W3m features include the following: when
reading an HTML document, you can follow links and view images using
an external image viewer; its internet message mode determines the
type of document from the header; if the Content-Type field of the
document is text/html, the document is displayed as an HTML document;
you can change a URL description like 'http://hogege.net' in plain
text into a link to that URL.
If you want to display the inline images on w3m, you need to install
w3m-img package as well.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-9422, CVE-2016-9423, CVE-2016-9424, CVE-2016-9425,
CVE-2016-9428, CVE-2016-9426, CVE-2016-9429, CVE-2016-9430, CVE-2016-9431,
CVE-2016-9432, CVE-2016-9433, CVE-2016-9434, CVE-2016-9435, CVE-2016-9436,
CVE-2016-9437, CVE-2016-9438, CVE-2016-9439, CVE-2016-9440, CVE-2016-9441,
CVE-2016-9442, CVE-2016-9443, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624,
CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628, CVE-2016-9629,
CVE-2016-9631, CVE-2016-9630, CVE-2016-9632, CVE-2016-9633, and new upstream
20170102 as well.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1399740 - CVE-2016-9633 w3m: Memory exhaustion due to repeatedly
appending '<table>'
https://bugzilla.redhat.com/show_bug.cgi?id=1399740
[ 2 ] Bug #1399739 - CVE-2016-9632 w3m: Buffer-overflow in wc_any_to_ucs()
https://bugzilla.redhat.com/show_bug.cgi?id=1399739
[ 3 ] Bug #1399737 - CVE-2016-9630 w3m: Buffer-overflow in parseURL()
https://bugzilla.redhat.com/show_bug.cgi?id=1399737
[ 4 ] Bug #1399734 - CVE-2016-9631 w3m: Null pointer dereference in
HTMLlineproc0()
https://bugzilla.redhat.com/show_bug.cgi?id=1399734
[ 5 ] Bug #1399732 - CVE-2016-9629 w3m: Null pointer dereference in
shiftAnchorPosition()
https://bugzilla.redhat.com/show_bug.cgi?id=1399732
[ 6 ] Bug #1399730 - CVE-2016-9628 w3m: Null pointer dereference due to bad
form id in HTMLlineproc2body()
https://bugzilla.redhat.com/show_bug.cgi?id=1399730
[ 7 ] Bug #1399728 - CVE-2016-9627 w3m: Array index out of bounds in
display.c
https://bugzilla.redhat.com/show_bug.cgi?id=1399728
[ 8 ] Bug #1399723 - CVE-2016-9626 w3m: Infinite recursion in HTMLlineproc0
https://bugzilla.redhat.com/show_bug.cgi?id=1399723
[ 9 ] Bug #1399720 - CVE-2016-9625 w3m: HTMLlineproc0 infinite recursion
https://bugzilla.redhat.com/show_bug.cgi?id=1399720
[ 10 ] Bug #1399718 - CVE-2016-9624 w3m: Null pointer dereference in
formUpdateBuffer
https://bugzilla.redhat.com/show_bug.cgi?id=1399718
[ 11 ] Bug #1399715 - CVE-2016-9623 w3m: Integer overflow resulting in
segmentation fault
https://bugzilla.redhat.com/show_bug.cgi?id=1399715
[ 12 ] Bug #1399713 - CVE-2016-9622 w3m: Null pointer dereference in
HTMLlineproc2body
https://bugzilla.redhat.com/show_bug.cgi?id=1399713
[ 13 ] Bug #1399710 - CVE-2016-9443 w3m: Null pointer dereference in
formUpdateBuffer
https://bugzilla.redhat.com/show_bug.cgi?id=1399710
[ 14 ] Bug #1399707 - CVE-2016-9442 w3m: Potential heap-buffer corruption due
to Strgrow
https://bugzilla.redhat.com/show_bug.cgi?id=1399707
[ 15 ] Bug #1399705 - CVE-2016-9441 w3m: Null pointer dereference in
do_refill
https://bugzilla.redhat.com/show_bug.cgi?id=1399705
[ 16 ] Bug #1399702 - CVE-2016-9440 w3m: Null pointer dereference in
formUpdateBuffer
https://bugzilla.redhat.com/show_bug.cgi?id=1399702
[ 17 ] Bug #1399701 - CVE-2016-9439 w3m: Infinite recursion with nested table
and textarea
https://bugzilla.redhat.com/show_bug.cgi?id=1399701
[ 18 ] Bug #1399699 - CVE-2016-9438 w3m: Null pointer dereference with
input_alt tag
https://bugzilla.redhat.com/show_bug.cgi?id=1399699
[ 19 ] Bug #1399697 - CVE-2016-9437 w3m: Write access violation with
'<button type=radio>'
https://bugzilla.redhat.com/show_bug.cgi?id=1399697
[ 20 ] Bug #1399695 - CVE-2016-9436 w3m: Uninitialised value in parsetagx.c
https://bugzilla.redhat.com/show_bug.cgi?id=1399695
[ 21 ] Bug #1399694 - CVE-2016-9435 w3m: Uninitialised value in file.c
https://bugzilla.redhat.com/show_bug.cgi?id=1399694
[ 22 ] Bug #1399691 - CVE-2016-9434 w3m: Null pointer dereference due to
incorrect form_int fid
https://bugzilla.redhat.com/show_bug.cgi?id=1399691
[ 23 ] Bug #1399690 - CVE-2016-9433 w3m: Segmentation fault when parsing
iso2022 characters
https://bugzilla.redhat.com/show_bug.cgi?id=1399690
[ 24 ] Bug #1399689 - CVE-2016-9432 w3m: Segmentation fault due to bcopy with
negative size
https://bugzilla.redhat.com/show_bug.cgi?id=1399689
[ 25 ] Bug #1399687 - CVE-2016-9431 w3m: Stack buffer overflow in
deleteFrameSet()
https://bugzilla.redhat.com/show_bug.cgi?id=1399687
[ 26 ] Bug #1399685 - CVE-2016-9430 w3m: Segmentation fault with malformed
input tag
https://bugzilla.redhat.com/show_bug.cgi?id=1399685
[ 27 ] Bug #1399682 - CVE-2016-9429 w3m: Global-buffer-overflow write in
formUpdateBuffer
https://bugzilla.redhat.com/show_bug.cgi?id=1399682
[ 28 ] Bug #1399668 - CVE-2016-9426 w3m: Heap corruption due to integer
overflow in renderTable()
https://bugzilla.redhat.com/show_bug.cgi?id=1399668
[ 29 ] Bug #1399667 - CVE-2016-9428 w3m: Out-of-bounds write in
addMultirowsForm()
https://bugzilla.redhat.com/show_bug.cgi?id=1399667
[ 30 ] Bug #1399666 - CVE-2016-9425 w3m: Segmentation fault due to write to
lineBuf[-1] in addMultirowsForm
https://bugzilla.redhat.com/show_bug.cgi?id=1399666
[ 31 ] Bug #1399665 - CVE-2016-9424 w3m: Out-of-bounds heap write due to
negative array index
https://bugzilla.redhat.com/show_bug.cgi?id=1399665
[ 32 ] Bug #1399664 - CVE-2016-9423 w3m: Malformed html tag heap-buffer
overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1399664
[ 33 ] Bug #1399662 - CVE-2016-9422 w3m: Stack smashed with large image
inside table
https://bugzilla.redhat.com/show_bug.cgi?id=1399662
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade w3m' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org