w3m-0.5.3+git20180125-1.14 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11504 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z w3m-0.5.3+git20180125-1.14 on GA media These are all security issues fixed in the w3m-0.5.3+git20180125-1.14 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11504 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11504 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2006-6772/ SUSE CVE CVE-2006-6772 page https://www.suse.com/security/cve/CVE-2018-6196/ SUSE CVE CVE-2018-6196 page https://www.suse.com/security/cve/CVE-2018-6197/ SUSE CVE CVE-2018-6197 page https://www.suse.com/security/cve/CVE-2018-6198/ SUSE CVE CVE-2018-6198 page openSUSE Tumbleweed w3m-0.5.3+git20180125-1.14 w3m-inline-image-0.5.3+git20180125-1.14 w3m-0.5.3+git20180125-1.14 as a component of openSUSE Tumbleweed w3m-inline-image-0.5.3+git20180125-1.14 as a component of openSUSE Tumbleweed Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL. CVE-2006-6772 openSUSE Tumbleweed:w3m-0.5.3+git20180125-1.14 openSUSE Tumbleweed:w3m-inline-image-0.5.3+git20180125-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-6772.html CVE-2006-6772 https://bugzilla.suse.com/230775 SUSE Bug 230775 w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value. CVE-2018-6196 openSUSE Tumbleweed:w3m-0.5.3+git20180125-1.14 openSUSE Tumbleweed:w3m-inline-image-0.5.3+git20180125-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6196.html CVE-2018-6196 https://bugzilla.suse.com/1077559 SUSE Bug 1077559 https://bugzilla.suse.com/1189667 SUSE Bug 1189667 w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. CVE-2018-6197 openSUSE Tumbleweed:w3m-0.5.3+git20180125-1.14 openSUSE Tumbleweed:w3m-inline-image-0.5.3+git20180125-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6197.html CVE-2018-6197 https://bugzilla.suse.com/1077559 SUSE Bug 1077559 https://bugzilla.suse.com/1077568 SUSE Bug 1077568 https://bugzilla.suse.com/1189667 SUSE Bug 1189667 w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. CVE-2018-6198 openSUSE Tumbleweed:w3m-0.5.3+git20180125-1.14 openSUSE Tumbleweed:w3m-inline-image-0.5.3+git20180125-1.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6198.html CVE-2018-6198 https://bugzilla.suse.com/1077559 SUSE Bug 1077559 https://bugzilla.suse.com/1077572 SUSE Bug 1077572