[SECURITY] [DLA 3541-1] w3m security update

Published: 2023-08-24 11:48:38
Source: lists.debian.org

CVSS3 score: 7.8 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 7 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 57.4%)


Debian LTS Advisory DLA-3541-1 [email protected]
https://www.debian.org/lts/security/ Sylvain Beucler
August 24, 2023 https://wiki.debian.org/LTS


Package : w3m
Version : 0.5.3-37+deb10u1
CVE ID : CVE-2022-38223
Debian Bug : 1019599

Han Zheng discovered an out-of-bounds write in w3m, a text-based web
browser and pager. It can be triggered by sending a crafted HTML file
to the w3m binary. It allows an attacker to cause Denial of Service
(DoS) or possibly have unspecified other impact.

For Debian 10 buster, this problem has been fixed in version
0.5.3-37+deb10u1.

We recommend that you upgrade your w3m packages.

For the detailed security status of w3m please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/w3m

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
