Detections
Analytics
openSUSE Security Update : w3m (openSUSE-2016-1457)
medium Nessus Plugin ID 95792
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
This update for w3m fixes the following security issues (bsc#1011293) :- CVE-2016-9622: w3m: null deref (bsc#1012021)
- CVE-2016-9623: w3m: null deref (bsc#1012022)
- CVE-2016-9624: w3m: near-null deref (bsc#1012023)
- CVE-2016-9625: w3m: stack overflow (bsc#1012024)
- CVE-2016-9626: w3m: stack overflow (bsc#1012025)
- CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026)
- CVE-2016-9628: w3m: null deref (bsc#1012027)
- CVE-2016-9629: w3m: null deref (bsc#1012028)
- CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029)
- CVE-2016-9631: w3m: null deref (bsc#1012030)
- CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031)
- CVE-2016-9633: w3m: OOM (bsc#1012032)
- CVE-2016-9434: w3m: null deref (bsc#1011283)
- CVE-2016-9435: w3m: use uninit value (bsc#1011284)
- CVE-2016-9436: w3m: use uninit value (bsc#1011285)
- CVE-2016-9437: w3m: write to rodata (bsc#1011286)
- CVE-2016-9438: w3m: null deref (bsc#1011287)
- CVE-2016-9439: w3m: stack overflow (bsc#1011288)
- CVE-2016-9440: w3m: near-null deref (bsc#1011289)
- CVE-2016-9441: w3m: near-null deref (bsc#1011290)
- CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291)
- CVE-2016-9443: w3m: null deref (bsc#1011292)
This update was imported from the SUSE:SLE-12:Update update project.
Solution
Update the affected w3m packages.See Also
https://bugzilla.opensuse.org/show_bug.cgi?id=1011283
https://bugzilla.opensuse.org/show_bug.cgi?id=1011284
https://bugzilla.opensuse.org/show_bug.cgi?id=1011285
https://bugzilla.opensuse.org/show_bug.cgi?id=1011286
https://bugzilla.opensuse.org/show_bug.cgi?id=1011287
https://bugzilla.opensuse.org/show_bug.cgi?id=1011288
https://bugzilla.opensuse.org/show_bug.cgi?id=1011289
https://bugzilla.opensuse.org/show_bug.cgi?id=1011290
https://bugzilla.opensuse.org/show_bug.cgi?id=1011291
https://bugzilla.opensuse.org/show_bug.cgi?id=1011292
https://bugzilla.opensuse.org/show_bug.cgi?id=1011293
https://bugzilla.opensuse.org/show_bug.cgi?id=1012021
https://bugzilla.opensuse.org/show_bug.cgi?id=1012022
https://bugzilla.opensuse.org/show_bug.cgi?id=1012023
https://bugzilla.opensuse.org/show_bug.cgi?id=1012024
https://bugzilla.opensuse.org/show_bug.cgi?id=1012025
https://bugzilla.opensuse.org/show_bug.cgi?id=1012026
https://bugzilla.opensuse.org/show_bug.cgi?id=1012027
https://bugzilla.opensuse.org/show_bug.cgi?id=1012028
https://bugzilla.opensuse.org/show_bug.cgi?id=1012029
https://bugzilla.opensuse.org/show_bug.cgi?id=1012030
Plugin Details
Severity: Medium
ID: 95792
File Name: openSUSE-2016-1457.nasl
Version: 3.4
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 12/14/2016
Updated: 1/19/2021
Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:w3m, p-cpe:/a:novell:opensuse:w3m-debuginfo, p-cpe:/a:novell:opensuse:w3m-debugsource, p-cpe:/a:novell:opensuse:w3m-inline-image, p-cpe:/a:novell:opensuse:w3m-inline-image-debuginfo, cpe:/o:novell:opensuse:42.1, cpe:/o:novell:opensuse:42.2
Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu
Patch Publication Date: 12/13/2016
Reference Information
CVE: CVE-2016-9434, CVE-2016-9435, CVE-2016-9436, CVE-2016-9437, CVE-2016-9438, CVE-2016-9439, CVE-2016-9440, CVE-2016-9441, CVE-2016-9442, CVE-2016-9443, CVE-2016-9621, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624, CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628, CVE-2016-9629, CVE-2016-9630, CVE-2016-9631, CVE-2016-9632, CVE-2016-9633