Debian: w3m mutliple vulnerabilities

    Date14 Feb 2003
    CategoryDebian
    2041
    Posted ByLinuxSecurity Advisories
    There are two security vulnerabilities in w3m and associated programs.
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 251-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                             Martin Schulze
    February 14th, 2003                      http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : w3m, w3m-ssl
    Vulnerability  : missing HTML quoting
    Problem-Type   : remote
    Debian-specific: no
    CVE Id         : CAN-2002-1335 CAN-2002-1348
    
    Hironori Sakamoto, one of the w3m developers, found two security
    vulnerabilities in w3m and associated programs.  The w3m browser does
    not properly escape HTML tags in frame contents and img alt
    attributes.  A malicious HTML frame or img alt attribute may deceive a
    user to send his local cookies which are used for configuration.  The
    information is not leaked automatically, though.
    
    For the stable distribution (woody) these problems have been fixed in
    version 0.3-2.4.
    
    The old stable distribution (potato) is not affected by these
    problems.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 0.3.2.2-1 and later.
    
    We recommend that you upgrade your w3m and w3m-ssl packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4.dsc
          Size/MD5 checksum:      622 20b45c25d667d7070eb577bb3a79dbcc
         http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4.diff.gz
          Size/MD5 checksum:    30286 fea2017c4a531d1ff8bef12900beb0f4
         http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3.orig.tar.gz
          Size/MD5 checksum:  1061650 837dc9c4b64c85e720eed60a54e409ef
         http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4.dsc
          Size/MD5 checksum:      641 7de04cb1692172671a9c6c1361c228d7
         http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4.diff.gz
          Size/MD5 checksum:    29622 446fb46c6b1b1bea398beb7d4568dfb5
         http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3.orig.tar.gz
          Size/MD5 checksum:  1061650 837dc9c4b64c85e720eed60a54e409ef
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_alpha.deb
          Size/MD5 checksum:   716678 a4be8bbaf22be37109c24fc926ac90d2
         http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_alpha.deb
          Size/MD5 checksum:    46038 832edd93d5bce7f975089a4280c783c9
         http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_alpha.deb
          Size/MD5 checksum:   522114 4e63b78eea41987eb3c9d4e56c37f2bb
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_arm.deb
          Size/MD5 checksum:   576102 7955eee2d641927783e4d980acca3e2b
         http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_arm.deb
          Size/MD5 checksum:    44918 cdc767960efdb93bf98f16b2d0dbba81
         http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_arm.deb
          Size/MD5 checksum:   416534 bc19d77a1de0eb19ae0a890331c757ce
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_i386.deb
          Size/MD5 checksum:   536546 403d4d66e4a35b72fde1ca2648477eee
         http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_i386.deb
          Size/MD5 checksum:    44696 2dea9365153597340338fa6cb3d26a73
         http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_i386.deb
          Size/MD5 checksum:   378256 f678a241934a5cd884dc08a19602670a
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_hppa.deb
          Size/MD5 checksum:   679602 4e45ab940066fd4b31eafda7324cb882
         http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_hppa.deb
          Size/MD5 checksum:    45474 08805d242612377e90de7e0e6658a1eb
         http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_hppa.deb
          Size/MD5 checksum:   488050 abf5cba42d0f2209a9614bcbdb47d0df
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_m68k.deb
          Size/MD5 checksum:   509352 42729e7a7cf55b0f635ec7b82d74e4d3
         http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_m68k.deb
          Size/MD5 checksum:    44404 ab8a616265b6061dd12d81e26eeb2c86
         http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_m68k.deb
          Size/MD5 checksum:   353590 70b91ebb6faab0579d4d5421b4527d6d
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_mips.deb
          Size/MD5 checksum:   658884 a6bb69fdffed8f078ec96f07a226c0a9
         http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_mips.deb
          Size/MD5 checksum:    45254 21977f7a10c606f05eea735f66c21f7c
         http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_mips.deb
          Size/MD5 checksum:   469378 686ee1efae499861354ffb4a5958018c
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_mipsel.deb
          Size/MD5 checksum:   657326 334db3009539a5923e5aea348c8b5e11
         http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_mipsel.deb
          Size/MD5 checksum:    45252 0e2c3363c84b9f4113308179b889dd97
         http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_mipsel.deb
          Size/MD5 checksum:   467646 dedfb98ab9aef606ca73a925f9b694ec
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_powerpc.deb
          Size/MD5 checksum:   598206 b3634a26e9e30b3576d8b22b57f3bfc6
         http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_powerpc.deb
          Size/MD5 checksum:    44944 1b5252467644b0cc3c86e02665443e20
         http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_powerpc.deb
          Size/MD5 checksum:   416488 eea92fb56474841f98dca6a0d9b2c346
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_s390.deb
          Size/MD5 checksum:   575340 8145d936ae5cfa717dbbb11c47fc9c2c
         http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_s390.deb
          Size/MD5 checksum:    45476 96288fb9f339dbec945e80a27588805c
         http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_s390.deb
          Size/MD5 checksum:   407616 4e366109f0be690c11beafe3fe1265fa
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_sparc.deb
          Size/MD5 checksum:   609858 f72ba2a2dbdad04abe4518287d9fcf9f
         http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_sparc.deb
          Size/MD5 checksum:    45650 13c85543bd43383e30acc038b38c834f
         http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_sparc.deb
          Size/MD5 checksum:   412114 44d471fc7b738b4b21d3303654869d99
    
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"7","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.