Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 39 Update: 2024-3fc66f8bf3 Moderate: W3m Out-Of-Bounds Access

fedora
Calendar Grey March 27, 2024
Dist Fedora Esm H88
Fedora 39 release includes enhancements that tackle out-of-bounds vulnerabilities in w3m, incorporating updates from upstream sources to bolster both security measures and overall performance.
Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)

Summary

The w3m program is a pager (or text file viewer) that can also be used

as a text-mode Web browser. W3m features include the following: when

reading an HTML document, you can follow links and view images using

an external image viewer; its internet message mode determines the

type of document from the header; if the Content-Type field of the

document is text/html, the document is displayed as an HTML document;

you can change a URL description like ' in plain

text into a link to that URL.

If you want to display the inline images on w3m, you need to install

w3m-img package as well.

Update Information:

Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)

Topics%20covered

Topics Covered

security advisory moderate update Fedora w3m out-of-bounds access

Change Log

* Mon Mar 18 2024 Robert Scheck - 0.5.3-63.git20230121 - Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207) * Sat Jan 27 2024 Fedora Release Engineering - 0.5.3-62.git20230121 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

References


[ 1 ] Bug #2222775 - CVE-2023-38252 w3m: Out of bounds read in Strnew_size() at w3m/Str.c https://bugzilla.redhat.com/show_bug.cgi?id=2222775 [ 2 ] Bug #2222779 - CVE-2023-38253 w3m: Out of bounds read in growbuf_to_Str() at w3m/indep.c https://bugzilla.redhat.com/show_bug.cgi?id=2222779 [ 3 ] Bug #2255207 - CVE-2023-4255 w3m: out-of-bounds write in function checkType() in etc.c (incomplete fix for CVE-2022-38223) https://bugzilla.redhat.com/show_bug.cgi?id=2255207

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-3fc66f8bf3' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: w3m
Product: Fedora 39
Version: 0.5.3
Release: 63.git20230121.fc39
URL:
Summary: Pager with Web browsing abilities

Topics%20covered

Topics Covered

security advisory moderate update Fedora w3m out-of-bounds access

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here