remote denial of service, remote code execution in w3m

2007-01-1017:11:58

lists.opensuse.org

0.127 Low

EPSS

Percentile

95.5%

JSON

A format string problem in w3m -dump / -backend mode could be used by a malicious server to crash w3m or execute code.

Solution

There is no known workaround, please install the update packages.

OSVersionArchitecturePackageVersionFilename
openSUSE10.1x86_64w3m< 0.5.1-19.5w3m-0.5.1-19.5.x86_64.rpm
SUSE Linux Enterprise Server10s390xw3m< 0.5.1-19.5w3m-0.5.1-19.5.s390x.rpm
openSUSE10.2i586w3m< 0.5.1-41.2w3m-0.5.1-41.2.i586.rpm
openSUSE10.0ppcw3m< 0.5.1-6.2w3m-0.5.1-6.2.ppc.rpm
openSUSE10.0i586w3m< 0.5.1-6.2w3m-0.5.1-6.2.i586.rpm
openSUSE10.2ppcw3m< 0.5.1-41.2w3m-0.5.1-41.2.ppc.rpm
openSUSE10.2x86_64w3m< 0.5.1-41.2w3m-0.5.1-41.2.x86_64.rpm
openSUSE10.0x86_64w3m< 0.5.1-6.2w3m-0.5.1-6.2.x86_64.rpm
openSUSE10.1ppcw3m< 0.5.1-19.5w3m-0.5.1-19.5.ppc.rpm
openSUSE9.3x86_64w3m< 0.5.1-4.2w3m-0.5.1-4.2.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	10.1	x86_64	w3m	< 0.5.1-19.5	w3m-0.5.1-19.5.x86_64.rpm
SUSE Linux Enterprise Server	10	s390x	w3m	< 0.5.1-19.5	w3m-0.5.1-19.5.s390x.rpm
openSUSE	10.2	i586	w3m	< 0.5.1-41.2	w3m-0.5.1-41.2.i586.rpm
openSUSE	10.0	ppc	w3m	< 0.5.1-6.2	w3m-0.5.1-6.2.ppc.rpm
openSUSE	10.0	i586	w3m	< 0.5.1-6.2	w3m-0.5.1-6.2.i586.rpm
openSUSE	10.2	ppc	w3m	< 0.5.1-41.2	w3m-0.5.1-41.2.ppc.rpm
openSUSE	10.2	x86_64	w3m	< 0.5.1-41.2	w3m-0.5.1-41.2.x86_64.rpm
openSUSE	10.0	x86_64	w3m	< 0.5.1-6.2	w3m-0.5.1-6.2.x86_64.rpm
openSUSE	10.1	ppc	w3m	< 0.5.1-19.5	w3m-0.5.1-19.5.ppc.rpm
openSUSE	9.3	x86_64	w3m	< 0.5.1-4.2	w3m-0.5.1-4.2.x86_64.rpm

Rows per page:

1-10 of 121

0.127 Low

EPSS

Percentile

95.5%

JSON

Related for SUSE-SA:2007:005