openSUSE Security Update : w3m (openSUSE-2016-1457)

Medium Nessus Plugin ID 95792


The remote openSUSE host is missing a security update.


This update for w3m fixes the following security issues (bsc#1011293) :

- CVE-2016-9622: w3m: null deref (bsc#1012021)

- CVE-2016-9623: w3m: null deref (bsc#1012022)

- CVE-2016-9624: w3m: near-null deref (bsc#1012023)

- CVE-2016-9625: w3m: stack overflow (bsc#1012024)

- CVE-2016-9626: w3m: stack overflow (bsc#1012025)

- CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026)

- CVE-2016-9628: w3m: null deref (bsc#1012027)

- CVE-2016-9629: w3m: null deref (bsc#1012028)

- CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029)

- CVE-2016-9631: w3m: null deref (bsc#1012030)

- CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031)

- CVE-2016-9633: w3m: OOM (bsc#1012032)

- CVE-2016-9434: w3m: null deref (bsc#1011283)

- CVE-2016-9435: w3m: use uninit value (bsc#1011284)

- CVE-2016-9436: w3m: use uninit value (bsc#1011285)

- CVE-2016-9437: w3m: write to rodata (bsc#1011286)

- CVE-2016-9438: w3m: null deref (bsc#1011287)

- CVE-2016-9439: w3m: stack overflow (bsc#1011288)

- CVE-2016-9440: w3m: near-null deref (bsc#1011289)

- CVE-2016-9441: w3m: near-null deref (bsc#1011290)

- CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291)

- CVE-2016-9443: w3m: null deref (bsc#1011292)

This update was imported from the SUSE:SLE-12:Update update project.


Update the affected w3m packages.

See Also

Plugin Details

Severity: Medium

ID: 95792

File Name: openSUSE-2016-1457.nasl

Version: $Revision: 3.2 $

Type: local

Agent: unix

Published: 2016/12/14

Modified: 2016/12/21

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P


Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:w3m, p-cpe:/a:novell:opensuse:w3m-debuginfo, p-cpe:/a:novell:opensuse:w3m-debugsource, p-cpe:/a:novell:opensuse:w3m-inline-image, p-cpe:/a:novell:opensuse:w3m-inline-image-debuginfo, cpe:/o:novell:opensuse:42.1, cpe:/o:novell:opensuse:42.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2016/12/13

Reference Information

CVE: CVE-2016-9434, CVE-2016-9435, CVE-2016-9436, CVE-2016-9437, CVE-2016-9438, CVE-2016-9439, CVE-2016-9440, CVE-2016-9441, CVE-2016-9442, CVE-2016-9443, CVE-2016-9621, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624, CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628, CVE-2016-9629, CVE-2016-9630, CVE-2016-9631, CVE-2016-9632, CVE-2016-9633