First Last Prev Next    This bug is not in your last search results.
Bug 1011270 - (CVE-2016-9423) VUL-0: CVE-2016-9423: w3m: buffer overflow
(CVE-2016-9423)
VUL-0: CVE-2016-9423: w3m: buffer overflow
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Thomas Blume
Security Team bot
https://smash.suse.de/issue/176536/
CVSSv2:NVD:CVE-2016-9423:6.8:(AV:N/AC...
:
Depends on:
Blocks: 1011293
  Show dependency treegraph
 
Reported: 2016-11-21 11:58 UTC by Alexander Bergmann
Modified: 2019-12-02 15:38 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2016-11-21 11:58:21 UTC 
w3m: multiple vulnerabilities
http://seclists.org/oss-sec/2016/q4/452

malform html tag may crash w3m

Issue: https://github.com/tats/w3m/issues/9

Note that both issues/9 and issues/10 are fixed by 9f0bdcfdf061db3520bd1f112bdc5e83acdec4be; however, they are different vulnerabilities.
Comment 1 Swamp Workflow Management 2016-11-21 22:57:51 UTC 
bugbot adjusting priority
Comment 2 Alexander Bergmann 2016-11-22 08:07:26 UTC 
Upstream Fix:
https://github.com/tats/w3m/commit/9f0bdcfdf061db3520bd1f112bdc5e83acdec4be
Comment 3 Swamp Workflow Management 2016-12-07 19:11:15 UTC 
SUSE-SU-2016:3046-1: An update that fixes 28 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1011269,1011270,1011271,1011272,1011283,1011284,1011285,1011286,1011287,1011288,1011289,1011290,1011291,1011292,1011293,1012020,1012021,1012022,1012023,1012024,1012025,1012026,1012027,1012028,1012029,1012030,1012031,1012032
CVE References: CVE-2010-2074,CVE-2016-9422,CVE-2016-9423,CVE-2016-9424,CVE-2016-9425,CVE-2016-9434,CVE-2016-9435,CVE-2016-9436,CVE-2016-9437,CVE-2016-9438,CVE-2016-9439,CVE-2016-9440,CVE-2016-9441,CVE-2016-9442,CVE-2016-9443,CVE-2016-9621,CVE-2016-9622,CVE-2016-9623,CVE-2016-9624,CVE-2016-9625,CVE-2016-9626,CVE-2016-9627,CVE-2016-9628,CVE-2016-9629,CVE-2016-9630,CVE-2016-9631,CVE-2016-9632,CVE-2016-9633
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    w3m-0.5.3.git20161120-4.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    w3m-0.5.3.git20161120-4.1
Comment 4 Thomas Blume 2017-05-11 07:45:51 UTC 
closing
First Last Prev Next    This bug is not in your last search results.