
Fedora 38: 2024-38c2261ca0 Critical: W3M Out-Of-Bounds Access Issue

March 27, 2024

Summary

The w3m program is a pager (or text file viewer) that can also be used as a text-mode Web browser. W3m features include the following: when reading an HTML document, you can follow links and view images using an external image viewer; its internet message mode determines the type of document from the header; if the Content-Type field of the document is text/html, the document is displayed as an HTML document; you can change a URL description like ' in plain text into a link to that URL.

If you want to display the inline images on w3m, you need to install the w3m-img package as well.

Update Information:

Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)

Change Log

* Mon Mar 18 2024 Robert Scheck - 0.5.3-63.git20230121
- Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)

* Sat Jan 27 2024 Fedora Release Engineering - 0.5.3-62.git20230121
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

* Sat Jul 22 2023 Fedora Release Engineering - 0.5.3-61.git20230121
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

References


[ 1 ] Bug #2222775 - CVE-2023-38252 w3m: Out of bounds read in Strnew_size() at w3m/Str.c
      https://bugzilla.redhat.com/show_bug.cgi?id=2222775
[ 2 ] Bug #2222779 - CVE-2023-38253 w3m: Out of bounds read in growbuf_to_Str() at w3m/indep.c
      https://bugzilla.redhat.com/show_bug.cgi?id=2222779
[ 3 ] Bug #2255207 - CVE-2023-4255 w3m: out-of-bounds write in function checkType() in etc.c (incomplete fix for CVE-2022-38223)
      https://bugzilla.redhat.com/show_bug.cgi?id=2255207

Update Instructions

This update can be installed with the "dnf" update program. Use

    su -c 'dnf upgrade --advisory FEDORA-2024-38c2261ca0'

at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
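
To confirm which Fedora 38 hosts already carry the fixed build, the following added example (not part of the Fedora advisory) compares `rpm -q w3m` output against the version and release listed in this advisory. The host names and inventory lines are constructed, and the comparison is a simplified form of RPM's version ordering that assumes no epoch and no `~` or `^` markers.

```python
import re

# Fixed build, taken from this advisory's Version and Release fields.
FIXED_VERSION, FIXED_RELEASE = "0.5.3", "63.git20230121.fc38"

def rpmvercmp(a, b):
    """Simplified RPM ordering: compare runs of digits or letters pairwise.
    Assumption: no epoch, no '~' or '^' markers in either string."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment is newer than an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)             # numeric, so 9 < 63 (a string compare gets this wrong)
            if x == y:
                continue                      # e.g. "01" vs "1"
        return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # more remaining segments means newer

def parse_nevra(pkg):
    """Split 'name-version-release.arch' as printed by `rpm -q`."""
    nvr, _, arch = pkg.rpartition(".")
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def w3m_status(pkg):
    name, version, release, _ = parse_nevra(pkg)
    # The advisory covers the Fedora 38 build only; other dist tags have their own advisories.
    if name != "w3m" or not release.endswith(".fc38"):
        return "not-applicable"
    order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
    return "patched" if order >= 0 else "needs-update"

def audit(lines):
    """Map host -> status from 'host package' inventory lines."""
    return {host: w3m_status(pkg) for host, pkg in (l.split() for l in lines)}

# Constructed inventory: hypothetical host names with `rpm -q w3m` style output.
SAMPLE = [
    "web01 w3m-0.5.3-62.git20230121.fc38.x86_64",
    "web02 w3m-0.5.3-63.git20230121.fc38.x86_64",
    "web03 w3m-0.5.3-9.git20230121.fc38.x86_64",
    "web04 w3m-0.5.3-63.git20230121.fc39.x86_64",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```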

Severity
critical

Name: w3m
Product: Fedora 38
Version: 0.5.3
Release: 63.git20230121.fc38
URL:
Summary: Pager with Web browsing abilities
