Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2024-0105)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2024.0105

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2024-0105)

Resumen: The remote host is missing an update for the 'w3m' package(s) announced via the MGASA-2024-0105 advisory.

Descripción: Summary:
The remote host is missing an update for the 'w3m' package(s) announced via the MGASA-2024-0105 advisory.

Vulnerability Insight:
An out-of-bounds read flaw was found in w3m, in the Strnew_size function
in Str.c. This issue may allow an attacker to cause a denial of service
through a crafted HTML file. (CVE-2023-38252)
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str
function in indep.c. This issue may allow an attacker to cause a denial
of service through a crafted HTML file. (CVE-2023-38253)
An out-of-bounds write issue has been discovered in the backspace
handling of the checkType() function in etc.c within the W3M
application. This vulnerability is triggered by supplying a specially
crafted HTML file to the w3m binary. Exploitation of this flaw could
lead to application crashes, resulting in a denial of service condition.
(CVE-2023-4255)

Affected Software/OS:
'w3m' package(s) on Mageia 9.

Solution:
Please install the updated package(s).

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2023-38252
RHBZ#2222775
https://bugzilla.redhat.com/show_bug.cgi?id=2222775
https://access.redhat.com/security/cve/CVE-2023-38252
https://github.com/tats/w3m/issues/270
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/
Common Vulnerability Exposure (CVE) ID: CVE-2023-38253
RHBZ#2222779
https://bugzilla.redhat.com/show_bug.cgi?id=2222779
https://access.redhat.com/security/cve/CVE-2023-38253
https://github.com/tats/w3m/issues/271
Common Vulnerability Exposure (CVE) ID: CVE-2023-4255
RHBZ#2255207
https://bugzilla.redhat.com/show_bug.cgi?id=2255207
https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3
https://github.com/tats/w3m/issues/268
https://github.com/tats/w3m/pull/273

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2024.0105
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2024-0105)
Resumen:	The remote host is missing an update for the 'w3m' package(s) announced via the MGASA-2024-0105 advisory.
Descripción:	Summary: The remote host is missing an update for the 'w3m' package(s) announced via the MGASA-2024-0105 advisory. Vulnerability Insight: An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. (CVE-2023-38252) An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. (CVE-2023-38253) An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition. (CVE-2023-4255) Affected Software/OS: 'w3m' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-38252 RHBZ#2222775 https://bugzilla.redhat.com/show_bug.cgi?id=2222775 https://access.redhat.com/security/cve/CVE-2023-38252 https://github.com/tats/w3m/issues/270 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/ Common Vulnerability Exposure (CVE) ID: CVE-2023-38253 RHBZ#2222779 https://bugzilla.redhat.com/show_bug.cgi?id=2222779 https://access.redhat.com/security/cve/CVE-2023-38253 https://github.com/tats/w3m/issues/271 Common Vulnerability Exposure (CVE) ID: CVE-2023-4255 RHBZ#2255207 https://bugzilla.redhat.com/show_bug.cgi?id=2255207 https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3 https://github.com/tats/w3m/issues/268 https://github.com/tats/w3m/pull/273
Copyright	Copyright (C) 2024 Greenbone AG