This update for w3m fixes several issues. These security issues were fixed: - CVE-2018-6196: Prevent infinite recursion in HTMLlineproc0 caused by the feed_table_block_tag function which did not prevent a negative indent value (bsc#1077559) - CVE-2018-6197: Prevent NULL pointer dereference in formUpdateBuffer (bsc#1077568) - CVE-2018-6198: w3m did not properly handle temporary files when the ~/.w3m directory is unwritable, which allowed a local attacker to craft a symlink attack to overwrite arbitrary files (bsc#1077572) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Debuginfo 11-SP4:
#1077559 #1077568 #1077572
Cross- CVE-2018-6196 CVE-2018-6197 CVE-2018-6198
Affected Products:
SUSE Linux Enterprise Debuginfo 11-SP4
https://www.suse.com/security/cve/CVE-2018-6196.html
https://www.suse.com/security/cve/CVE-2018-6197.html
https://www.suse.com/security/cve/CVE-2018-6198.html
https://bugzilla.suse.com/1077559
https://bugzilla.suse.com/1077568
https://bugzilla.suse.com/1077572
Get the latest Linux and open source security news straight to your inbox.