Bugzilla – Bug 1011284
VUL-0: CVE-2016-9435: w3m: use uninit value
Last modified: 2018-12-12 07:40:11 UTC
w3m: multiple vulnerabilities http://seclists.org/oss-sec/2016/q4/452 valgrind found many issues about uninitialised value Issue: https://github.com/tats/w3m/issues/16 Use CVE-2016-9435 for the problem fixed by the new conditional PUSH_ENV(HTML_DL) call in file.c in https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
bugbot adjusting priority
SUSE-SU-2016:3046-1: An update that fixes 28 vulnerabilities is now available. Category: security (moderate) Bug References: 1011269,1011270,1011271,1011272,1011283,1011284,1011285,1011286,1011287,1011288,1011289,1011290,1011291,1011292,1011293,1012020,1012021,1012022,1012023,1012024,1012025,1012026,1012027,1012028,1012029,1012030,1012031,1012032 CVE References: CVE-2010-2074,CVE-2016-9422,CVE-2016-9423,CVE-2016-9424,CVE-2016-9425,CVE-2016-9434,CVE-2016-9435,CVE-2016-9436,CVE-2016-9437,CVE-2016-9438,CVE-2016-9439,CVE-2016-9440,CVE-2016-9441,CVE-2016-9442,CVE-2016-9443,CVE-2016-9621,CVE-2016-9622,CVE-2016-9623,CVE-2016-9624,CVE-2016-9625,CVE-2016-9626,CVE-2016-9627,CVE-2016-9628,CVE-2016-9629,CVE-2016-9630,CVE-2016-9631,CVE-2016-9632,CVE-2016-9633 Sources used: SUSE Linux Enterprise Server 11-SP4 (src): w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): w3m-0.5.3.git20161120-4.1
SUSE-SU-2016:3053-1: An update that fixes 23 vulnerabilities is now available. Category: security (moderate) Bug References: 1011283,1011284,1011285,1011286,1011287,1011288,1011289,1011290,1011291,1011292,1011293,1012021,1012022,1012023,1012024,1012025,1012026,1012027,1012028,1012029,1012030,1012031,1012032 CVE References: CVE-2016-9434,CVE-2016-9435,CVE-2016-9436,CVE-2016-9437,CVE-2016-9438,CVE-2016-9439,CVE-2016-9440,CVE-2016-9441,CVE-2016-9442,CVE-2016-9443,CVE-2016-9621,CVE-2016-9622,CVE-2016-9623,CVE-2016-9624,CVE-2016-9625,CVE-2016-9626,CVE-2016-9627,CVE-2016-9628,CVE-2016-9629,CVE-2016-9630,CVE-2016-9631,CVE-2016-9632,CVE-2016-9633 Sources used: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): w3m-0.5.3.git20161120-160.1 SUSE Linux Enterprise Server 12-SP2 (src): w3m-0.5.3.git20161120-160.1 SUSE Linux Enterprise Server 12-SP1 (src): w3m-0.5.3.git20161120-160.1 SUSE Linux Enterprise Desktop 12-SP2 (src): w3m-0.5.3.git20161120-160.1 SUSE Linux Enterprise Desktop 12-SP1 (src): w3m-0.5.3.git20161120-160.1
openSUSE-SU-2016:3121-1: An update that fixes 23 vulnerabilities is now available. Category: security (moderate) Bug References: 1011283,1011284,1011285,1011286,1011287,1011288,1011289,1011290,1011291,1011292,1011293,1012021,1012022,1012023,1012024,1012025,1012026,1012027,1012028,1012029,1012030,1012031,1012032 CVE References: CVE-2016-9434,CVE-2016-9435,CVE-2016-9436,CVE-2016-9437,CVE-2016-9438,CVE-2016-9439,CVE-2016-9440,CVE-2016-9441,CVE-2016-9442,CVE-2016-9443,CVE-2016-9621,CVE-2016-9622,CVE-2016-9623,CVE-2016-9624,CVE-2016-9625,CVE-2016-9626,CVE-2016-9627,CVE-2016-9628,CVE-2016-9629,CVE-2016-9630,CVE-2016-9631,CVE-2016-9632,CVE-2016-9633 Sources used: openSUSE Leap 42.2 (src): w3m-0.5.3.git20161120-160.1 openSUSE Leap 42.1 (src): w3m-0.5.3.git20161120-161.1
closing
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2017-06-16. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63652