Fedora 27 w3m Security Advisory: Moderate Risk Issues Fixed

The w3m program is a pager (or text file viewer) that can also be used

as a text-mode Web browser. W3m features include the following: when

reading an HTML document, you can follow links and view images using

an external image viewer; its internet message mode determines the

type of document from the header; if the Content-Type field of the

document is text/html, the document is displayed as an HTML document;

you can change a URL description like ' in plain

text into a link to that URL.

If you want to display the inline images on w3m, you need to install

w3m-img package as well.

Rebase to latest upstream gitrev 20180125 and Security fix for CVE-2018-6196,

CVE-2018-6197, CVE-2018-6198

[ 1 ] Bug #1539151 - CVE-2018-6197 w3m: Null pointer dereference in formUpdateBuffer in form.c

https://bugzilla.redhat.com/show_bug.cgi?id=1539151

[ 2 ] Bug #1539157 - CVE-2018-6196 w3m: Infinite recursion in HTMLlineproc0

https://bugzilla.redhat.com/show_bug.cgi?id=1539157

[ 3 ] Bug #1539127 - CVE-2018-6198 w3m: insecure temporary files creation when ~/.w3m is unwritable

https://bugzilla.redhat.com/show_bug.cgi?id=1539127

su -c 'dnf upgrade w3m' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org