https://bugzilla.redhat.com/show_bug.cgi?id=1324348
Bug ID: 1324348
Summary: w3m: denial of service with crafted html files
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: anemec@redhat.com
CC: eng-i18n-bugs@redhat.com, i18n-bugs@lists.fedoraproject.org, michel@michel-slm.name, pnemade@redhat.com
A vulnerability was found in the w3m package. A maliciously crafted HTML file opened with a specific command could cause the application to crash.
Original bug report (reproducer attached):
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820162
Andrej Nemec anemec@redhat.com changed:
What      |Removed |Added
----------------------------------------------------------------------------
Depends On|        |1324349
Depends On|        |1324350
--- Comment #1 from Andrej Nemec anemec@redhat.com ---
Created w3m tracking bugs for this issue:
Affects: fedora-all [bug 1324349]
Affects: epel-7 [bug 1324350]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1324349 [Bug 1324349] w3m: denial of service with crafted html files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1324350 [Bug 1324350] w3m: denial of service with crafted html files [epel-7]
Andrej Nemec anemec@redhat.com changed:
What   |Removed |Added
----------------------------------------------------------------------------
Blocks |        |1324351
Bug 1324348 depends on bug 1324349, which changed state.
Bug 1324349 Summary: w3m: denial of service with crafted html files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1324349
What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What      |Removed                     |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016
          |0406,reported=20160406,sour |0406,reported=20160406,sour
          |ce=debian,cvss2=4.3/AV:N/AC |ce=debian,cvss2=4.3/AV:N/AC
          |:M/Au:N/C:N/I:N/A:P,fedora- |:M/Au:N/C:N/I:N/A:P,fedora-
          |all/w3m=affected,epel-6/ema |all/w3m=affected,epel-6/ema
          |cs-common-w3m=new,epel-7/w3 |cs-common-w3m=affected,epel
          |m=affected,rhel-5/w3m=affec |-7/w3m=affected,rhel-5/w3m=
          |ted,rhel-6/w3m=affected     |affected,rhel-6/w3m=affecte
          |                            |d
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What      |Removed |Added
----------------------------------------------------------------------------
Depends On|        |1336287
--- Comment #2 from Huzaifa S. Sidhpurwala huzaifas@redhat.com ---
Created emacs-common-w3m tracking bugs for this issue:
Affects: epel-6 [bug 1336287]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1336287 [Bug 1336287] emacs-common-w3m: w3m: denial of service with crafted html files [epel-6]
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What      |Removed                     |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016
          |0406,reported=20160406,sour |0406,reported=20160406,sour
          |ce=debian,cvss2=4.3/AV:N/AC |ce=debian,cvss2=4.3/AV:N/AC
          |:M/Au:N/C:N/I:N/A:P,fedora- |:M/Au:N/C:N/I:N/A:P,fedora-
          |all/w3m=affected,epel-6/ema |all/w3m=affected,epel-6/ema
          |cs-common-w3m=affected,epel |cs-common-w3m=affected,epel
          |-7/w3m=affected,rhel-5/w3m= |-7/w3m=affected,rhel-5/w3m=
          |affected,rhel-6/w3m=affecte |wontfix,rhel-6/w3m=wontfix
          |d                           |
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What        |Removed |Added
----------------------------------------------------------------------------
Status      |NEW     |CLOSED
Resolution  |---     |WONTFIX
Last Closed |        |2016-05-16 02:09:08
--- Comment #3 from Fedora Update System updates@fedoraproject.org ---
w3m-0.5.3-20.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
Bug 1324348 depends on bug 1324350, which changed state.
Bug 1324350 Summary: w3m: denial of service with crafted html files [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1324350
What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
Bug 1324348 depends on bug 1336287, which changed state.
Bug 1336287 Summary: emacs-common-w3m: w3m: denial of service with crafted html files [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1336287
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |NOTABUG