w3m-0.5.3.git20161120-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10235 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z w3m-0.5.3.git20161120-1.1 on GA media These are all security issues fixed in the w3m-0.5.3.git20161120-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10235 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10235 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2010-2074/ SUSE CVE CVE-2010-2074 page https://www.suse.com/security/cve/CVE-2012-4929/ SUSE CVE CVE-2012-4929 page https://www.suse.com/security/cve/CVE-2016-9434/ SUSE CVE CVE-2016-9434 page https://www.suse.com/security/cve/CVE-2016-9435/ SUSE CVE CVE-2016-9435 page https://www.suse.com/security/cve/CVE-2016-9436/ SUSE CVE CVE-2016-9436 page https://www.suse.com/security/cve/CVE-2016-9437/ SUSE CVE CVE-2016-9437 page https://www.suse.com/security/cve/CVE-2016-9438/ SUSE CVE CVE-2016-9438 page https://www.suse.com/security/cve/CVE-2016-9439/ SUSE CVE CVE-2016-9439 page https://www.suse.com/security/cve/CVE-2016-9440/ SUSE CVE CVE-2016-9440 page https://www.suse.com/security/cve/CVE-2016-9441/ SUSE CVE CVE-2016-9441 page https://www.suse.com/security/cve/CVE-2016-9442/ SUSE CVE CVE-2016-9442 page https://www.suse.com/security/cve/CVE-2016-9443/ SUSE CVE CVE-2016-9443 page https://www.suse.com/security/cve/CVE-2016-9621/ SUSE CVE CVE-2016-9621 page https://www.suse.com/security/cve/CVE-2016-9622/ SUSE CVE CVE-2016-9622 page https://www.suse.com/security/cve/CVE-2016-9623/ SUSE CVE CVE-2016-9623 page https://www.suse.com/security/cve/CVE-2016-9624/ SUSE CVE CVE-2016-9624 page https://www.suse.com/security/cve/CVE-2016-9625/ SUSE CVE CVE-2016-9625 page https://www.suse.com/security/cve/CVE-2016-9626/ SUSE CVE CVE-2016-9626 page https://www.suse.com/security/cve/CVE-2016-9627/ SUSE CVE CVE-2016-9627 page https://www.suse.com/security/cve/CVE-2016-9628/ SUSE CVE CVE-2016-9628 page https://www.suse.com/security/cve/CVE-2016-9629/ SUSE CVE CVE-2016-9629 page https://www.suse.com/security/cve/CVE-2016-9630/ SUSE CVE CVE-2016-9630 page https://www.suse.com/security/cve/CVE-2016-9631/ SUSE CVE CVE-2016-9631 page https://www.suse.com/security/cve/CVE-2016-9632/ SUSE CVE CVE-2016-9632 page https://www.suse.com/security/cve/CVE-2016-9633/ SUSE CVE CVE-2016-9633 page openSUSE Tumbleweed w3m-0.5.3.git20161120-1.1 w3m-inline-image-0.5.3.git20161120-1.1 w3m-0.5.3.git20161120-1.1 as a component of openSUSE Tumbleweed w3m-inline-image-0.5.3.git20161120-1.1 as a component of openSUSE Tumbleweed istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVE-2010-2074 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2074.html CVE-2010-2074 https://bugzilla.suse.com/609451 SUSE Bug 609451 The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. CVE-2012-4929 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4929.html CVE-2012-4929 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/779952 SUSE Bug 779952 https://bugzilla.suse.com/793420 SUSE Bug 793420 https://bugzilla.suse.com/803004 SUSE Bug 803004 https://bugzilla.suse.com/847895 SUSE Bug 847895 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9434 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9434.html CVE-2016-9434 https://bugzilla.suse.com/1011283 SUSE Bug 1011283 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags. CVE-2016-9435 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9435.html CVE-2016-9435 https://bugzilla.suse.com/1011284 SUSE Bug 1011284 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag. CVE-2016-9436 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9436.html CVE-2016-9436 https://bugzilla.suse.com/1011285 SUSE Bug 1011285 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a crafted HTML page. CVE-2016-9437 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9437.html CVE-2016-9437 https://bugzilla.suse.com/1011286 SUSE Bug 1011286 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9438 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9438.html CVE-2016-9438 https://bugzilla.suse.com/1011287 SUSE Bug 1011287 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. CVE-2016-9439 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9439.html CVE-2016-9439 https://bugzilla.suse.com/1011288 SUSE Bug 1011288 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9440 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9440.html CVE-2016-9440 https://bugzilla.suse.com/1011289 SUSE Bug 1011289 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9441 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9441.html CVE-2016-9441 https://bugzilla.suse.com/1011290 SUSE Bug 1011290 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page. CVE-2016-9442 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9442.html CVE-2016-9442 https://bugzilla.suse.com/1011291 SUSE Bug 1011291 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9443 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9443.html CVE-2016-9443 https://bugzilla.suse.com/1011292 SUSE Bug 1011292 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9429. Reason: This candidate is a reservation duplicate of CVE-2016-9429. Notes: All CVE users should reference CVE-2016-9429 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2016-9621 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9621.html CVE-2016-9621 https://bugzilla.suse.com/1011278 SUSE Bug 1011278 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012020 SUSE Bug 1012020 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9622 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9622.html CVE-2016-9622 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012021 SUSE Bug 1012021 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9623 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9623.html CVE-2016-9623 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012022 SUSE Bug 1012022 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9624 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9624.html CVE-2016-9624 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012023 SUSE Bug 1012023 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. CVE-2016-9625 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9625.html CVE-2016-9625 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012024 SUSE Bug 1012024 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. CVE-2016-9626 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9626.html CVE-2016-9626 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012025 SUSE Bug 1012025 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page. CVE-2016-9627 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9627.html CVE-2016-9627 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012026 SUSE Bug 1012026 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9628 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9628.html CVE-2016-9628 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012027 SUSE Bug 1012027 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9629 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9629.html CVE-2016-9629 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012028 SUSE Bug 1012028 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. CVE-2016-9630 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9630.html CVE-2016-9630 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012029 SUSE Bug 1012029 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9631 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9631.html CVE-2016-9631 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012030 SUSE Bug 1012030 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. CVE-2016-9632 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9632.html CVE-2016-9632 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012031 SUSE Bug 1012031 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page. CVE-2016-9633 openSUSE Tumbleweed:w3m-0.5.3.git20161120-1.1 openSUSE Tumbleweed:w3m-inline-image-0.5.3.git20161120-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9633.html CVE-2016-9633 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012032 SUSE Bug 1012032