UbuntuUpdates.org

Package "w3m"

Name: w3m

Description:

WWW browsable pager with excellent tables/frames support

Latest version: 0.5.3-26ubuntu0.2
Release: xenial (16.04)
Level: security
Repository: universe
Homepage: http://sourceforge.net/projects/w3m/

Links


Download "w3m"


Other versions of "w3m" in Xenial

Repository Area Version
base universe 0.5.3-26build1
updates universe 0.5.3-26ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.5.3-26ubuntu0.2 2018-02-01 16:06:38 UTC

  w3m (0.5.3-26ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Infinite recursion flaw in HTMLlineproc0
    - debian/patches/CVE-2018-6196.patch: prevent negative indent value
      in table.c.
    - CVE-2018-6196
  * SECURITY UPDATE: NULL pointer dereference flaw in formUpdateBuffer
    - debian/patches/CVE-2018-6197.patch: prevent invalid columnPos() call
      in form.c.
    - CVE-2018-6197
  * SECURITY UPDATE: does not properly handle temp files
    - debian/patches/CVE-218-6198.patch: make temp directory safely
      in config.h.dist, config.h.in, configure, configure.ac, main.c and rc.c.
    - CVE-2018-6198

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 30 Jan 2018 16:24:07 -0300

Source diff to previous version
CVE-2018-6196 w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a neg
CVE-2018-6197 w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.
CVE-2018-6198 w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink

Version: 0.5.3-26ubuntu0.1 2017-03-02 15:06:39 UTC

  w3m (0.5.3-26ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: backport large quantity of security fixes from
      Debian's 0.5.3-19+deb8u1 release. Thanks to Tatsuya Kinoshita.
    - CVE-2016-9422, CVE-2016-9423, CVE-2016-9424, CVE-2016-9425,
      CVE-2016-9426, CVE-2016-9428, CVE-2016-9429, CVE-2016-9430,
      CVE-2016-9431, CVE-2016-9432, CVE-2016-9433, CVE-2016-9434,
      CVE-2016-9435, CVE-2016-9436, CVE-2016-9437, CVE-2016-9438,
      CVE-2016-9439, CVE-2016-9440, CVE-2016-9441, CVE-2016-9442,
      CVE-2016-9443, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624,
      CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628,
      CVE-2016-9629, CVE-2016-9630, CVE-2016-9631, CVE-2016-9632,
      CVE-2016-9633

 -- Marc Deslauriers <email address hidden> Wed, 01 Mar 2017 14:10:28 -0500

CVE-2016-9422 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn't properly validate the value of
CVE-2016-9423 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denia
CVE-2016-9424 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m doesn't properly validate the value of tag attribute, which allows rem
CVE-2016-9425 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows
CVE-2016-9426 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows r
CVE-2016-9428 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows
CVE-2016-9429 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Buffer overflow in the formUpdateBuffer function in w3m allows remote atta
CVE-2016-9430 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9431 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a
CVE-2016-9432 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (memory corruptio
CVE-2016-9433 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (out-of-bounds ar
CVE-2016-9434 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9435 The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the a
CVE-2016-9436 parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted
CVE-2016-9437 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9438 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9439 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a
CVE-2016-9440 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9441 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9442 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditio
CVE-2016-9443 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9622 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9623 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9624 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9625 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a
CVE-2016-9626 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a
CVE-2016-9627 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer over
CVE-2016-9628 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9629 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9630 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer ov
CVE-2016-9631 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9632 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer ov
CVE-2016-9633 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop an



About   -   Send Feedback to @ubuntu_updates