Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3:Update
patchinfo.9907
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.9907
<patchinfo incident="9907"> <issue id="1077568" tracker="bnc">VUL-1: CVE-2018-6197: w3m: NULL pointer dereference flaw in formUpdateBuffer in form.c</issue> <issue id="1077572" tracker="bnc">VUL-1: CVE-2018-6198: w3m: does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files</issue> <issue id="1077559" tracker="bnc">VUL-1: CVE-2018-6196: w3m: an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value allows for DoS</issue> <issue id="2018-6198" tracker="cve" /> <issue id="2018-6197" tracker="cve" /> <issue id="2018-6196" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>kbabioch</packager> <description>This update for w3m fixes the following issues: Security issues fixed: - CVE-2018-6196: Prevent infinite recursion in HTMLlineproc0 caused by the feed_table_block_tag function which did not prevent a negative indent value (bsc#1077559) - CVE-2018-6197: Prevent NULL pointer dereference in formUpdateBuffer (bsc#1077568) - CVE-2018-6198: w3m did not properly handle temporary files when the ~/.w3m directory is unwritable, which allowed a local attacker to craft a symlink attack to overwrite arbitrary files (bsc#1077572) This update was imported from the SUSE:SLE-12:Update update project.</description> <summary>Security update for w3m</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor