Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in w3m
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in w3m
ID: FEDORA-2017-2e6b693937
Distribution: Fedora
Plattformen: Fedora 25
Datum: Di, 14. März 2017, 07:52
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9633
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9631
Applikationen: w3m

Originalnachricht

 
Name        : w3m
Product     : Fedora 25
Version     : 0.5.3
Release     : 30.git20170102.fc25
URL         : http://w3m.sourceforge.net/
Summary     : A pager with Web browsing abilities
Description :
The w3m program is a pager (or text file viewer) that can also be used
as a text-mode Web browser. W3m features include the following: when
reading an HTML document, you can follow links and view images using
an external image viewer; its internet message mode determines the
type of document from the header; if the Content-Type field of the
document is text/html, the document is displayed as an HTML document;
you can change a URL description like 'http://hogege.net' in plain
text into a link to that URL.
If you want to display the inline images on w3m, you need to install
w3m-img package as well.

-------------------------------------------------------------------------------
-
Update Information:

Security fix for CVE-2016-9422, CVE-2016-9423, CVE-2016-9424, CVE-2016-9425,
CVE-2016-9428, CVE-2016-9426, CVE-2016-9429, CVE-2016-9430, CVE-2016-9431,
CVE-2016-9432, CVE-2016-9433, CVE-2016-9434, CVE-2016-9435, CVE-2016-9436,
CVE-2016-9437, CVE-2016-9438, CVE-2016-9439, CVE-2016-9440, CVE-2016-9441,
CVE-2016-9442, CVE-2016-9443, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624,
CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628, CVE-2016-9629,
CVE-2016-9631, CVE-2016-9630, CVE-2016-9632, CVE-2016-9633  And new upstream
20170102 as well
-------------------------------------------------------------------------------
-
References:

  [ 1 ] Bug #1399740 - CVE-2016-9633 w3m: Memory exhaustion due to repeatedly
 appending '<table>'
        https://bugzilla.redhat.com/show_bug.cgi?id=1399740
  [ 2 ] Bug #1399739 - CVE-2016-9632 w3m: Buffer-overflow in wc_any_to_ucs()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399739
  [ 3 ] Bug #1399737 - CVE-2016-9630 w3m: Buffer-overflow in parseURL()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399737
  [ 4 ] Bug #1399734 - CVE-2016-9631 w3m: Null pointer dereference in
 HTMLlineproc0()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399734
  [ 5 ] Bug #1399732 - CVE-2016-9629 w3m: Null pointer dereference in
 shiftAnchorPosition()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399732
  [ 6 ] Bug #1399730 - CVE-2016-9628 w3m: Null pointer dereference due to bad
 form id in HTMLlineproc2body()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399730
  [ 7 ] Bug #1399728 - CVE-2016-9627 w3m: Array index out of bounds in
 display.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1399728
  [ 8 ] Bug #1399723 - CVE-2016-9626 w3m: Infinite recursion in HTMLlineproc0
        https://bugzilla.redhat.com/show_bug.cgi?id=1399723
  [ 9 ] Bug #1399720 - CVE-2016-9625 w3m: HTMLlineproc0 infinite recursion
        https://bugzilla.redhat.com/show_bug.cgi?id=1399720
  [ 10 ] Bug #1399718 - CVE-2016-9624 w3m: Null pointer dereference in
 formUpdateBuffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1399718
  [ 11 ] Bug #1399715 - CVE-2016-9623 w3m: Integer overflow resulting in
 segmentation fault
        https://bugzilla.redhat.com/show_bug.cgi?id=1399715
  [ 12 ] Bug #1399713 - CVE-2016-9622 w3m: Null pointer dereference in
 HTMLlineproc2body
        https://bugzilla.redhat.com/show_bug.cgi?id=1399713
  [ 13 ] Bug #1399710 - CVE-2016-9443 w3m: Null pointer dereference in
 formUpdateBuffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1399710
  [ 14 ] Bug #1399707 - CVE-2016-9442 w3m: Potential heap-buffer corruption due
 to Strgrow
        https://bugzilla.redhat.com/show_bug.cgi?id=1399707
  [ 15 ] Bug #1399705 - CVE-2016-9441 w3m: Null pointer dereference in
 do_refill
        https://bugzilla.redhat.com/show_bug.cgi?id=1399705
  [ 16 ] Bug #1399702 - CVE-2016-9440 w3m: Null pointer dereference in
 formUpdateBuffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1399702
  [ 17 ] Bug #1399701 - CVE-2016-9439 w3m: Infinite recursion with nested table
 and textarea
        https://bugzilla.redhat.com/show_bug.cgi?id=1399701
  [ 18 ] Bug #1399699 - CVE-2016-9438 w3m: Null pointer dereference with
 input_alt tag
        https://bugzilla.redhat.com/show_bug.cgi?id=1399699
  [ 19 ] Bug #1399697 - CVE-2016-9437 w3m: Write access violation with
 '<button type=radio>'
        https://bugzilla.redhat.com/show_bug.cgi?id=1399697
  [ 20 ] Bug #1399695 - CVE-2016-9436 w3m: Unitialised value in parsetagx.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1399695
  [ 21 ] Bug #1399694 - CVE-2016-9435 w3m: Unitialised value in file.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1399694
  [ 22 ] Bug #1399691 - CVE-2016-9434 w3m: Null pointer dereference due to
 incorrect form_int fid
        https://bugzilla.redhat.com/show_bug.cgi?id=1399691
  [ 23 ] Bug #1399690 - CVE-2016-9433 w3m: Segmentation fault when parsing
 iso2022 characters
        https://bugzilla.redhat.com/show_bug.cgi?id=1399690
  [ 24 ] Bug #1399689 - CVE-2016-9432 w3m: Segmentation fault due to bcopy with
 negative size
        https://bugzilla.redhat.com/show_bug.cgi?id=1399689
  [ 25 ] Bug #1399687 - CVE-2016-9431 w3m: Stack buffer overflow in
 deleteFrameSet()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399687
  [ 26 ] Bug #1399685 - CVE-2016-9430 w3m: Segmentation fault with malformed
 input tag
        https://bugzilla.redhat.com/show_bug.cgi?id=1399685
  [ 27 ] Bug #1399682 - CVE-2016-9429 w3m: Global-buffer-overflow write in
 formUpdateBuffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1399682
  [ 28 ] Bug #1399668 - CVE-2016-9426 w3m: Heap corruption due to integer
 overflow in renderTable()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399668
  [ 29 ] Bug #1399667 - CVE-2016-9428 w3m: Out-of-bounds write in
 addMultirowsForm()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399667
  [ 30 ] Bug #1399666 - CVE-2016-9425 w3m: Segmentation fault due to write to
 lineBuf[-1] in addMultirowsForm
        https://bugzilla.redhat.com/show_bug.cgi?id=1399666
  [ 31 ] Bug #1399665 - CVE-2016-9424 w3m: Out-of-bounds heap write due to
 negative array index
        https://bugzilla.redhat.com/show_bug.cgi?id=1399665
  [ 32 ] Bug #1399664 - CVE-2016-9423 w3m: Malformed html tag heap-buffer
 overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1399664
  [ 33 ] Bug #1399662 - CVE-2016-9422 w3m: Stack smashed with large image
 inside table
        https://bugzilla.redhat.com/show_bug.cgi?id=1399662
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade w3m' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung