 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.59451 |
| Category: | Fedora Local Security Checks |
| Title: | Fedora Core 5 FEDORA-2007-078 (w3m) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to w3m announced via advisory FEDORA-2007-078. The w3m program is a pager (or text file viewer) that can also be used as a text-mode Web browser. W3m features include the following: when reading an HTML document, you can follow links and view images using an external image viewer its internet message mode determines the type of document from the header if the Content-Type field of the document is text/html, the document is displayed as an HTML document you can change a URL description like 'http://hogege.net' in plain text into a link to that URL. If you want to display the inline images on w3m, you need to install w3m-img package as well. Update Information: - Resolves: rh#221484: CVE-2006-6772 w3m is vulnerable to format string attack via CN field of SSL/TLS certificate when infoked with -dump/-backend * Mon Jan 15 2007 Parag Nemade - 0.5.1-15 - Resolves: rh#221484: CVE-2006-6772 w3m is vulnerable to format string attack via CN field of SSL/TLS certificate when infoked with -dump/-backend * Wed Jul 12 2006 Jesse Keating - 0.5.1-14.1 - rebuild * Sat Jun 24 2006 Jesse Keating - 0.5.1-14 - Fix missing br gettext-devel, automake * Mon Mar 6 2006 Akira TAGOH - 0.5.1-13 - w3m-multilib.patch: fixed to link 64bit version of libnsl.so. (#182408) Solution: Apply the appropriate updates. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-078 Risk factor : Critical CVSS Score: 9.3 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2006-6772 BugTraq ID: 21735 http://www.securityfocus.com/bid/21735 BugTraq ID: 24332 http://www.securityfocus.com/bid/24332 http://fedoranews.org/cms/node/2415 http://fedoranews.org/cms/node/2416 http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051457.html http://security.gentoo.org/glsa/glsa-200701-06.xml http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439 http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.044.html http://securitytracker.com/id?1017440 http://secunia.com/advisories/23492 http://secunia.com/advisories/23588 http://secunia.com/advisories/23717 http://secunia.com/advisories/23773 http://secunia.com/advisories/23792 SuSE Security Announcement: SUSE-SA:2007:005 (Google Search) http://www.novell.com/linux/security/advisories/2007_05_w3m.html http://www.ubuntu.com/usn/usn-399-1 http://www.vupen.com/english/advisories/2006/5164 XForce ISS Database: w3m-certificate-format-string(31114) https://exchange.xforce.ibmcloud.com/vulnerabilities/31114 XForce ISS Database: w3m-inputanswer-format-string(34821) https://exchange.xforce.ibmcloud.com/vulnerabilities/34821 |
| Copyright | Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |