SUSE-SU-2019:0776-1: moderate: Security update for w3m

sle-updates at lists.suse.com sle-updates at lists.suse.com
Wed Mar 27 08:28:29 MDT 2019


   SUSE Security Update: Security update for w3m
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0776-1
Rating:             moderate
References:         #1077559 #1077568 #1077572 
Cross-References:   CVE-2018-6196 CVE-2018-6197 CVE-2018-6198
                   
Affected Products:
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for w3m fixes several issues.

   These security issues were fixed:

   - CVE-2018-6196: Prevent infinite recursion in HTMLlineproc0 caused by the
     feed_table_block_tag function which did not prevent a negative indent
     value (bsc#1077559)
   - CVE-2018-6197: Prevent NULL pointer dereference in formUpdateBuffer
     (bsc#1077568)
   - CVE-2018-6198: w3m did not properly handle temporary files when the
     ~/.w3m directory is unwritable, which allowed a local attacker to craft
     a symlink attack to overwrite arbitrary files (bsc#1077572)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-776=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-776=1

   - SUSE Linux Enterprise Desktop 12-SP4:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-776=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-776=1



Package List:

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

      w3m-0.5.3.git20161120-161.3.4
      w3m-debuginfo-0.5.3.git20161120-161.3.4
      w3m-debugsource-0.5.3.git20161120-161.3.4

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      w3m-0.5.3.git20161120-161.3.4
      w3m-debuginfo-0.5.3.git20161120-161.3.4
      w3m-debugsource-0.5.3.git20161120-161.3.4

   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

      w3m-0.5.3.git20161120-161.3.4
      w3m-debuginfo-0.5.3.git20161120-161.3.4
      w3m-debugsource-0.5.3.git20161120-161.3.4

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      w3m-0.5.3.git20161120-161.3.4
      w3m-debuginfo-0.5.3.git20161120-161.3.4
      w3m-debugsource-0.5.3.git20161120-161.3.4


References:

   https://www.suse.com/security/cve/CVE-2018-6196.html
   https://www.suse.com/security/cve/CVE-2018-6197.html
   https://www.suse.com/security/cve/CVE-2018-6198.html
   https://bugzilla.suse.com/1077559
   https://bugzilla.suse.com/1077568
   https://bugzilla.suse.com/1077572



More information about the sle-updates mailing list