Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 40 w3m Update: FEDORA-2024-aeb75f8b5b Critical Buffer Overflow

fedora
Calendar Grey March 23, 2024
Dist Fedora Esm H88
The recent upstream patch for Fedora's w3m addresses the critical issue of out-of-bounds access, significantly improving security measures.
Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)

Summary

The w3m program is a pager (or text file viewer) that can also be used

as a text-mode Web browser. W3m features include the following: when

reading an HTML document, you can follow links and view images using

an external image viewer; its internet message mode determines the

type of document from the header; if the Content-Type field of the

document is text/html, the document is displayed as an HTML document;

you can change a URL description like ' in plain

text into a link to that URL.

If you want to display the inline images on w3m, you need to install

w3m-img package as well.

Update Information:

Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)

Topics%20covered

Topics Covered

security advisory fedora buffer overflow w3m out of bounds

Change Log

* Mon Mar 18 2024 Robert Scheck - 0.5.3-63.git20230121 - Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)

References


[ 1 ] Bug #2222775 - CVE-2023-38252 w3m: Out of bounds read in Strnew_size() at w3m/Str.c https://bugzilla.redhat.com/show_bug.cgi?id=2222775 [ 2 ] Bug #2222779 - CVE-2023-38253 w3m: Out of bounds read in growbuf_to_Str() at w3m/indep.c https://bugzilla.redhat.com/show_bug.cgi?id=2222779 [ 3 ] Bug #2255207 - CVE-2023-4255 w3m: out-of-bounds write in function checkType() in etc.c (incomplete fix for CVE-2022-38223) https://bugzilla.redhat.com/show_bug.cgi?id=2255207

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-aeb75f8b5b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: w3m
Product: Fedora 40
Version: 0.5.3
Release: 63.git20230121.fc40
URL: https://w3m.sourceforge.net/
Summary: Pager with Web browsing abilities

Topics%20covered

Topics Covered

security advisory fedora buffer overflow w3m out of bounds

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here