Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE: 2020:14383-2 Critical Update for curl Security Fix Released

suse
Calendar Grey June 3, 2020
Dist Suse Esm H88
The latest SUSE Security Patch for w3m addresses several moderate vulnerabilities, providing detailed guidance for users on how to implement the update.
An update that fixes three vulnerabilities is now available

Summary

This update for w3m fixes several issues. These security issues were fixed: - CVE-2018-6196: Prevent infinite recursion in HTMLlineproc0 caused by the feed_table_block_tag function which did not prevent a negative indent value (bsc#1077559) - CVE-2018-6197: Prevent NULL pointer dereference in formUpdateBuffer (bsc#1077568) - CVE-2018-6198: w3m did not properly handle temporary files when the ~/.w3m directory is unwritable, which allowed a local attacker to craft a symlink attack to overwrite arbitrary files (bsc#1077572) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Debuginfo 11-SP4:

References

#1077559 #1077568 #1077572

Cross- CVE-2018-6196 CVE-2018-6197 CVE-2018-6198

Affected Products:

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2018-6196.html

https://www.suse.com/security/cve/CVE-2018-6197.html

https://www.suse.com/security/cve/CVE-2018-6198.html

https://bugzilla.suse.com/1077559

https://bugzilla.suse.com/1077568

https://bugzilla.suse.com/1077572

Announcement ID: SUSE-SU-2020:14382-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here