openSUSE Security Update : w3m (openSUSE-2016-1457)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for w3m fixes the following security issues
(bsc#1011293) :

- CVE-2016-9622: w3m: null deref (bsc#1012021)

- CVE-2016-9623: w3m: null deref (bsc#1012022)

- CVE-2016-9624: w3m: near-null deref (bsc#1012023)

- CVE-2016-9625: w3m: stack overflow (bsc#1012024)

- CVE-2016-9626: w3m: stack overflow (bsc#1012025)

- CVE-2016-9627: w3m: heap overflow read + deref
(bsc#1012026)

- CVE-2016-9628: w3m: null deref (bsc#1012027)

- CVE-2016-9629: w3m: null deref (bsc#1012028)

- CVE-2016-9630: w3m: global-buffer-overflow read
(bsc#1012029)

- CVE-2016-9631: w3m: null deref (bsc#1012030)

- CVE-2016-9632: w3m: global-buffer-overflow read
(bsc#1012031)

- CVE-2016-9633: w3m: OOM (bsc#1012032)

- CVE-2016-9434: w3m: null deref (bsc#1011283)

- CVE-2016-9435: w3m: use uninit value (bsc#1011284)

- CVE-2016-9436: w3m: use uninit value (bsc#1011285)

- CVE-2016-9437: w3m: write to rodata (bsc#1011286)

- CVE-2016-9438: w3m: null deref (bsc#1011287)

- CVE-2016-9439: w3m: stack overflow (bsc#1011288)

- CVE-2016-9440: w3m: near-null deref (bsc#1011289)

- CVE-2016-9441: w3m: near-null deref (bsc#1011290)

- CVE-2016-9442: w3m: potential heap buffer corruption
(bsc#1011291)

- CVE-2016-9443: w3m: null deref (bsc#1011292)

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1011283
https://bugzilla.opensuse.org/show_bug.cgi?id=1011284
https://bugzilla.opensuse.org/show_bug.cgi?id=1011285
https://bugzilla.opensuse.org/show_bug.cgi?id=1011286
https://bugzilla.opensuse.org/show_bug.cgi?id=1011287
https://bugzilla.opensuse.org/show_bug.cgi?id=1011288
https://bugzilla.opensuse.org/show_bug.cgi?id=1011289
https://bugzilla.opensuse.org/show_bug.cgi?id=1011290
https://bugzilla.opensuse.org/show_bug.cgi?id=1011291
https://bugzilla.opensuse.org/show_bug.cgi?id=1011292
https://bugzilla.opensuse.org/show_bug.cgi?id=1011293
https://bugzilla.opensuse.org/show_bug.cgi?id=1012021
https://bugzilla.opensuse.org/show_bug.cgi?id=1012022
https://bugzilla.opensuse.org/show_bug.cgi?id=1012023
https://bugzilla.opensuse.org/show_bug.cgi?id=1012024
https://bugzilla.opensuse.org/show_bug.cgi?id=1012025
https://bugzilla.opensuse.org/show_bug.cgi?id=1012026
https://bugzilla.opensuse.org/show_bug.cgi?id=1012027
https://bugzilla.opensuse.org/show_bug.cgi?id=1012028
https://bugzilla.opensuse.org/show_bug.cgi?id=1012029
https://bugzilla.opensuse.org/show_bug.cgi?id=1012030
https://bugzilla.opensuse.org/show_bug.cgi?id=1012031
https://bugzilla.opensuse.org/show_bug.cgi?id=1012032

Solution :

Update the affected w3m packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)