Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 541
Alerts This Week
Warning Icon 1 541

SUSE: 2020:0887-2 Moderate: curl Remote Security Update

suse
Calendar Grey March 27, 2019
Dist Suse Esm H88
The SUSE Security Update for w3m tackles a trio of moderate vulnerabilities. It's essential to implement these patches to ensure system integrity.
An update that fixes three vulnerabilities is now available

Summary

This update for w3m fixes several issues. These security issues were fixed: - CVE-2018-6196: Prevent infinite recursion in HTMLlineproc0 caused by the feed_table_block_tag function which did not prevent a negative indent value (bsc#1077559) - CVE-2018-6197: Prevent NULL pointer dereference in formUpdateBuffer (bsc#1077568) - CVE-2018-6198: w3m did not properly handle temporary files when the ~/.w3m directory is unwritable, which allowed a local attacker to craft a symlink attack to overwrite arbitrary files (bsc#1077572) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4:

References

#1077559 #1077568 #1077572

Cross- CVE-2018-6196 CVE-2018-6197 CVE-2018-6198

Affected Products:

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Desktop 12-SP4

SUSE Linux Enterprise Desktop 12-SP3

https://www.suse.com/security/cve/CVE-2018-6196.html

https://www.suse.com/security/cve/CVE-2018-6197.html

https://www.suse.com/security/cve/CVE-2018-6198.html

https://bugzilla.suse.com/1077559

https://bugzilla.suse.com/1077568

https://bugzilla.suse.com/1077572

Announcement ID: SUSE-SU-2019:0776-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.