--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-2e6b693937
2017-03-14 01:42:38.089672
--------------------------------------------------------------------------------

Name        : w3m
Product     : Fedora 25
Version     : 0.5.3
Release     : 30.git20170102.fc25
URL         : https://w3m.sourceforge.net/
Summary     : A pager with Web browsing abilities
Description :
The w3m program is a pager (or text file viewer) that can also be used
as a text-mode Web browser. W3m features include the following: when
reading an HTML document, you can follow links and view images using
an external image viewer; its internet message mode determines the
type of document from the header; if the Content-Type field of the
document is text/html, the document is displayed as an HTML document;
you can change a URL description like '' in plain
text into a link to that URL.
If you want to display the inline images on w3m, you need to install
w3m-img package as well.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-9422, CVE-2016-9423, CVE-2016-9424, CVE-2016-9425,
CVE-2016-9428, CVE-2016-9426, CVE-2016-9429, CVE-2016-9430, CVE-2016-9431,
CVE-2016-9432, CVE-2016-9433, CVE-2016-9434, CVE-2016-9435, CVE-2016-9436,
CVE-2016-9437, CVE-2016-9438, CVE-2016-9439, CVE-2016-9440, CVE-2016-9441,
CVE-2016-9442, CVE-2016-9443, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624,
CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628, CVE-2016-9629,
CVE-2016-9631, CVE-2016-9630, CVE-2016-9632, CVE-2016-9633. This update also
includes new upstream 20170102.
--------------------------------------------------------------------------------

Fedora 25: w3m Security Update

March 14, 2017

References

  [ 1 ] Bug #1399740 - CVE-2016-9633 w3m: Memory exhaustion due to repeatedly appending ''
        https://bugzilla.redhat.com/show_bug.cgi?id=1399740
  [ 2 ] Bug #1399739 - CVE-2016-9632 w3m: Buffer-overflow in wc_any_to_ucs()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399739
  [ 3 ] Bug #1399737 - CVE-2016-9630 w3m: Buffer-overflow in parseURL()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399737
  [ 4 ] Bug #1399734 - CVE-2016-9631 w3m: Null pointer dereference in HTMLlineproc0()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399734
  [ 5 ] Bug #1399732 - CVE-2016-9629 w3m: Null pointer dereference in shiftAnchorPosition()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399732
  [ 6 ] Bug #1399730 - CVE-2016-9628 w3m: Null pointer dereference due to bad form id in HTMLlineproc2body()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399730
  [ 7 ] Bug #1399728 - CVE-2016-9627 w3m: Array index out of bounds in display.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1399728
  [ 8 ] Bug #1399723 - CVE-2016-9626 w3m: Infinite recursion in HTMLlineproc0
        https://bugzilla.redhat.com/show_bug.cgi?id=1399723
  [ 9 ] Bug #1399720 - CVE-2016-9625 w3m: HTMLlineproc0 infinite recursion
        https://bugzilla.redhat.com/show_bug.cgi?id=1399720
  [ 10 ] Bug #1399718 - CVE-2016-9624 w3m: Null pointer dereference in formUpdateBuffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1399718
  [ 11 ] Bug #1399715 - CVE-2016-9623 w3m: Integer overflow resulting in segmentation fault
        https://bugzilla.redhat.com/show_bug.cgi?id=1399715
  [ 12 ] Bug #1399713 - CVE-2016-9622 w3m: Null pointer dereference in HTMLlineproc2body
        https://bugzilla.redhat.com/show_bug.cgi?id=1399713
  [ 13 ] Bug #1399710 - CVE-2016-9443 w3m: Null pointer dereference in formUpdateBuffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1399710
  [ 14 ] Bug #1399707 - CVE-2016-9442 w3m: Potential heap-buffer corruption due to Strgrow
        https://bugzilla.redhat.com/show_bug.cgi?id=1399707
  [ 15 ] Bug #1399705 - CVE-2016-9441 w3m: Null pointer dereference in do_refill
        https://bugzilla.redhat.com/show_bug.cgi?id=1399705
  [ 16 ] Bug #1399702 - CVE-2016-9440 w3m: Null pointer dereference in formUpdateBuffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1399702
  [ 17 ] Bug #1399701 - CVE-2016-9439 w3m: Infinite recursion with nested table and textarea
        https://bugzilla.redhat.com/show_bug.cgi?id=1399701
  [ 18 ] Bug #1399699 - CVE-2016-9438 w3m: Null pointer dereference with input_alt tag
        https://bugzilla.redhat.com/show_bug.cgi?id=1399699
  [ 19 ] Bug #1399697 - CVE-2016-9437 w3m: Write access violation with ''
        https://bugzilla.redhat.com/show_bug.cgi?id=1399697
  [ 20 ] Bug #1399695 - CVE-2016-9436 w3m: Unitialised value in parsetagx.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1399695
  [ 21 ] Bug #1399694 - CVE-2016-9435 w3m: Unitialised value in file.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1399694
  [ 22 ] Bug #1399691 - CVE-2016-9434 w3m: Null pointer dereference due to incorrect form_int fid
        https://bugzilla.redhat.com/show_bug.cgi?id=1399691
  [ 23 ] Bug #1399690 - CVE-2016-9433 w3m: Segmentation fault when parsing iso2022 characters
        https://bugzilla.redhat.com/show_bug.cgi?id=1399690
  [ 24 ] Bug #1399689 - CVE-2016-9432 w3m: Segmentation fault due to bcopy with negative size
        https://bugzilla.redhat.com/show_bug.cgi?id=1399689
  [ 25 ] Bug #1399687 - CVE-2016-9431 w3m: Stack buffer overflow in deleteFrameSet()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399687
  [ 26 ] Bug #1399685 - CVE-2016-9430 w3m: Segmentation fault with malformed input tag
        https://bugzilla.redhat.com/show_bug.cgi?id=1399685
  [ 27 ] Bug #1399682 - CVE-2016-9429 w3m: Global-buffer-overflow write in formUpdateBuffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1399682
  [ 28 ] Bug #1399668 - CVE-2016-9426 w3m: Heap corruption due to integer overflow in renderTable()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399668
  [ 29 ] Bug #1399667 - CVE-2016-9428 w3m: Out-of-bounds write in addMultirowsForm()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399667
  [ 30 ] Bug #1399666 - CVE-2016-9425 w3m: Segmentation fault due to write to lineBuf[-1] in addMultirowsForm
        https://bugzilla.redhat.com/show_bug.cgi?id=1399666
  [ 31 ] Bug #1399665 - CVE-2016-9424 w3m: Out-of-bounds heap write due to negative array index
        https://bugzilla.redhat.com/show_bug.cgi?id=1399665
  [ 32 ] Bug #1399664 - CVE-2016-9423 w3m: Malformed html tag heap-buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1399664
  [ 33 ] Bug #1399662 - CVE-2016-9422 w3m: Stack smashed with large image inside table
        https://bugzilla.redhat.com/show_bug.cgi?id=1399662

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade w3m' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
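
One way to confirm the update landed, as an added example that is not part of the Fedora advisory: it compares an installed w3m VERSION-RELEASE string against the fixed build 0.5.3-30.git20170102.fc25 using rpm's segment-ordering rules. The function names and the older and newer sample builds are constructed for illustration, and the comparison assumes a Fedora 25 package.

```python
import re

# Fixed build from this advisory (Fedora 25), as VERSION-RELEASE.
FIXED_EVR = "0.5.3-30.git20170102.fc25"
_SEGMENTS = re.compile(r"~|[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two version or release strings following rpm's segment rules.

    Returns -1, 0 or 1. The '^' operator of newer rpm releases is not handled.
    """
    sa, sb = _SEGMENTS.findall(a), _SEGMENTS.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == y:
            continue
        if x == "~" or y == "~":          # '~' sorts before everything, even end of string
            return -1 if x == "~" else 1
        if x is None or y is None:        # the string with segments left over is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():    # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return -1 if kx < ky else 1
    return 0

def split_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return (epoch or "0", version, release)

def is_patched(installed_evr, fixed_evr=FIXED_EVR):
    """True when the installed w3m build is the fixed build or newer."""
    for mine, fixed in zip(split_evr(installed_evr), split_evr(fixed_evr)):
        order = rpmvercmp(mine, fixed)
        if order:
            return order > 0
    return True

if __name__ == "__main__":
    # Constructed sample values; on a host, take the string from
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' w3m
    for evr in ("0.5.3-28.git20160718.fc25", FIXED_EVR, "0.5.3-31.git20170102.fc25"):
        print(evr, "patched" if is_patched(evr) else "NEEDS UPDATE")
```

A host that reports a build older than the fixed one still carries the CVEs listed in this notice and should run the dnf upgrade above.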
