Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 25 w3m Update: 2017:2e6b693937 Critical Buffer Overflow

fedora
Calendar Grey March 14, 2017
Dist Fedora Esm H88
Important security patch for w3m in Fedora 25 resolving numerous vulnerabilities and enhancing overall performance.
Security fix for CVE-2016-9422, CVE-2016-9423, CVE-2016-9424, CVE-2016-9425, CVE-2016-9428, CVE-2016-9426, CVE-2016-9429, CVE-2016-9430, CVE-2016-9431, CVE-2016-9432, CVE-2016-9433...

Summary

The w3m program is a pager (or text file viewer) that can also be used

as a text-mode Web browser. W3m features include the following: when

reading an HTML document, you can follow links and view images using

an external image viewer; its internet message mode determines the

type of document from the header; if the Content-Type field of the

document is text/html, the document is displayed as an HTML document;

you can change a URL description like ' in plain

text into a link to that URL.

If you want to display the inline images on w3m, you need to install

w3m-img package as well.

Update Information:

Security fix for CVE-2016-9422, CVE-2016-9423, CVE-2016-9424, CVE-2016-9425, CVE-2016-9428, CVE-2016-9426, CVE-2016-9429, CVE-2016-9430, CVE-2016-9431, CVE-2016-9432, CVE-2016-9433, CVE-2016-9434, CVE-2016-9435, CVE-2016-9436, CVE-2016-9437, CVE-2016-9438, CVE-2016-9439, CVE-2016-9440, CVE-2016-9441, CVE-2016-9442, CVE-2016-9443, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624, CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628, CVE-2016-9629, CVE-2016-9631, CVE-2016-9630, CVE-2016-9632, CVE-2016-9633 And new upstream 20170102 as well

Topics%20covered

Topics Covered

security advisory buffer overflow critical heap corruption Fedora security fix w3m

Change Log

References


[ 1 ] Bug #1399740 - CVE-2016-9633 w3m: Memory exhaustion due to repeatedly appending '

' https://bugzilla.redhat.com/show_bug.cgi?id=1399740 [ 2 ] Bug #1399739 - CVE-2016-9632 w3m: Buffer-overflow in wc_any_to_ucs() https://bugzilla.redhat.com/show_bug.cgi?id=1399739 [ 3 ] Bug #1399737 - CVE-2016-9630 w3m: Buffer-overflow in parseURL() https://bugzilla.redhat.com/show_bug.cgi?id=1399737 [ 4 ] Bug #1399734 - CVE-2016-9631 w3m: Null pointer dereference in HTMLlineproc0() https://bugzilla.redhat.com/show_bug.cgi?id=1399734 [ 5 ] Bug #1399732 - CVE-2016-9629 w3m: Null pointer dereference in shiftAnchorPosition() https://bugzilla.redhat.com/show_bug.cgi?id=1399732 [ 6 ] Bug #1399730 - CVE-2016-9628 w3m: Null pointer dereference due to bad form id in HTMLlineproc2body() https://bugzilla.redhat.com/show_bug.cgi?id=1399730 [ 7 ] Bug #1399728 - CVE-2016-9627 w3m: Array index out of bounds in display.c https://bugzilla.redh...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade w3m' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: w3m
Product: Fedora 25
Version: 0.5.3
Release: 30.git20170102.fc25
URL:
Summary: A pager with Web browsing abilities

Topics%20covered

Topics Covered

security advisory buffer overflow critical heap corruption Fedora security fix w3m

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here