Bugzilla – Bug 1077568
VUL-1: CVE-2018-6197: w3m: NULL pointer dereference flaw in formUpdateBuffer in form.c
Last modified: 2020-07-10 15:01:59 UTC
CVE-2018-6197

w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.

Reproducer (requires ASAN, does not work without):
w3m -T text/html -dump CVE-2018-6197

Affected codestreams: SUSE:SLE-12:Update, SUSE:SLE-11-SP1:Update, SUSE:SLE-10-SP3:Update

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6197
https://github.com/tats/w3m/issues/89
https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2018-02-09.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63953
(In reply to Swamp Workflow Management from comment #3)
> An update workflow for this issue was started.
> This issue was rated as moderate.
> Please submit fixed packages until 2018-02-09.
> When done, reassign the bug to security-team@suse.de.
> https://swamp.suse.de/webswamp/wf/63953

An update to factory has been submitted and accepted:
https://build.opensuse.org/request/show/569801

Reassigning to security-team.
SUSE-SU-2019:0776-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1077559,1077568,1077572
CVE References: CVE-2018-6196,CVE-2018-6197,CVE-2018-6198
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src): w3m-0.5.3.git20161120-161.3.4
SUSE Linux Enterprise Server 12-SP3 (src): w3m-0.5.3.git20161120-161.3.4
SUSE Linux Enterprise Desktop 12-SP4 (src): w3m-0.5.3.git20161120-161.3.4
SUSE Linux Enterprise Desktop 12-SP3 (src): w3m-0.5.3.git20161120-161.3.4

*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1142-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1077559,1077568,1077572
CVE References: CVE-2018-6196,CVE-2018-6197,CVE-2018-6198
Sources used:
openSUSE Leap 42.3 (src): w3m-0.5.3.git20161120-164.3.1

*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:14382-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1077559,1077568,1077572
CVE References: CVE-2018-6196,CVE-2018-6197,CVE-2018-6198
Sources used:
SUSE Linux Enterprise Debuginfo 11-SP4 (src): w3m-0.5.3.git20161120-5.3.37

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done