openSUSE Security Update : w3m (openSUSE-2016-1457)

medium Nessus Plugin ID 95792

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for w3m fixes the following security issues (bsc#1011293) :

- CVE-2016-9622: w3m: null deref (bsc#1012021)

- CVE-2016-9623: w3m: null deref (bsc#1012022)

- CVE-2016-9624: w3m: near-null deref (bsc#1012023)

- CVE-2016-9625: w3m: stack overflow (bsc#1012024)

- CVE-2016-9626: w3m: stack overflow (bsc#1012025)

- CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026)

- CVE-2016-9628: w3m: null deref (bsc#1012027)

- CVE-2016-9629: w3m: null deref (bsc#1012028)

- CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029)

- CVE-2016-9631: w3m: null deref (bsc#1012030)

- CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031)

- CVE-2016-9633: w3m: OOM (bsc#1012032)

- CVE-2016-9434: w3m: null deref (bsc#1011283)

- CVE-2016-9435: w3m: use uninit value (bsc#1011284)

- CVE-2016-9436: w3m: use uninit value (bsc#1011285)

- CVE-2016-9437: w3m: write to rodata (bsc#1011286)

- CVE-2016-9438: w3m: null deref (bsc#1011287)

- CVE-2016-9439: w3m: stack overflow (bsc#1011288)

- CVE-2016-9440: w3m: near-null deref (bsc#1011289)

- CVE-2016-9441: w3m: near-null deref (bsc#1011290)

- CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291)

- CVE-2016-9443: w3m: null deref (bsc#1011292)

This update was imported from the SUSE:SLE-12:Update update project.

Solution

Update the affected w3m packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1011283

https://bugzilla.opensuse.org/show_bug.cgi?id=1011284

https://bugzilla.opensuse.org/show_bug.cgi?id=1011285

https://bugzilla.opensuse.org/show_bug.cgi?id=1011286

https://bugzilla.opensuse.org/show_bug.cgi?id=1011287

https://bugzilla.opensuse.org/show_bug.cgi?id=1011288

https://bugzilla.opensuse.org/show_bug.cgi?id=1011289

https://bugzilla.opensuse.org/show_bug.cgi?id=1011290

https://bugzilla.opensuse.org/show_bug.cgi?id=1011291

https://bugzilla.opensuse.org/show_bug.cgi?id=1011292

https://bugzilla.opensuse.org/show_bug.cgi?id=1011293

https://bugzilla.opensuse.org/show_bug.cgi?id=1012021

https://bugzilla.opensuse.org/show_bug.cgi?id=1012022

https://bugzilla.opensuse.org/show_bug.cgi?id=1012023

https://bugzilla.opensuse.org/show_bug.cgi?id=1012024

https://bugzilla.opensuse.org/show_bug.cgi?id=1012025

https://bugzilla.opensuse.org/show_bug.cgi?id=1012026

https://bugzilla.opensuse.org/show_bug.cgi?id=1012027

https://bugzilla.opensuse.org/show_bug.cgi?id=1012028

https://bugzilla.opensuse.org/show_bug.cgi?id=1012029

https://bugzilla.opensuse.org/show_bug.cgi?id=1012030

https://bugzilla.opensuse.org/show_bug.cgi?id=1012031

https://bugzilla.opensuse.org/show_bug.cgi?id=1012032

Plugin Details

Severity: Medium

ID: 95792

File Name: openSUSE-2016-1457.nasl

Version: 3.4

Type: local

Agent: unix

Published: 12/14/2016

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:w3m, p-cpe:/a:novell:opensuse:w3m-debuginfo, p-cpe:/a:novell:opensuse:w3m-debugsource, p-cpe:/a:novell:opensuse:w3m-inline-image, p-cpe:/a:novell:opensuse:w3m-inline-image-debuginfo, cpe:/o:novell:opensuse:42.1, cpe:/o:novell:opensuse:42.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 12/13/2016

Reference Information

CVE: CVE-2016-9434, CVE-2016-9435, CVE-2016-9436, CVE-2016-9437, CVE-2016-9438, CVE-2016-9439, CVE-2016-9440, CVE-2016-9441, CVE-2016-9442, CVE-2016-9443, CVE-2016-9621, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624, CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628, CVE-2016-9629, CVE-2016-9630, CVE-2016-9631, CVE-2016-9632, CVE-2016-9633