Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

Gentoo: GLSA-201401-15 Normal: nginx Information Disclosure Vulnerability

gentoo
Calendar Grey January 12, 2007
Dist Gentoo Esm H88
Discover the high-severity vulnerability in w3m's SSL certificate handling that allows potential code execution or DoS stress on systems, and learn how to patch it
w3m does not correctly handle format string specifiers in SSL certificates.

Summary

Gentoo Linux Security Advisory GLSA 200701-06 https://security.gentoo.org/ Severity: Normal Title: w3m: Format string vulnerability Date: January 12, 2007 Bugs: #159145 ID: 200701-06

Synopsis ======= w3m does not correctly handle format string specifiers in SSL certificates.
Background ========= w3m is a multi-platform text-based web browser.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/w3m < 0.5.1-r4 >= 0.5.1-r4
========== w3m in -dump or -backend mode does not correctly handle printf() format string specifiers in the Common Name (CN) field of an X.509 SSL certificate.
Impact ===== An attacker could entice a user to visit a malicious website ...

Read the Full Advisory

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround