Security update for w3m

Announcement ID:	SUSE-SU-2016:3053-1
Rating:	moderate
References:	bsc#1011283 bsc#1011284 bsc#1011285 bsc#1011286 bsc#1011287 bsc#1011288 bsc#1011289 bsc#1011290 bsc#1011291 bsc#1011292 bsc#1011293 bsc#1012021 bsc#1012022 bsc#1012023 bsc#1012024 bsc#1012025 bsc#1012026 bsc#1012027 bsc#1012028 bsc#1012029 bsc#1012030 bsc#1012031 bsc#1012032
Cross-References:	CVE-2016-9434 CVE-2016-9435 CVE-2016-9436 CVE-2016-9437 CVE-2016-9438 CVE-2016-9439 CVE-2016-9440 CVE-2016-9441 CVE-2016-9442 CVE-2016-9443 CVE-2016-9621 CVE-2016-9622 CVE-2016-9623 CVE-2016-9624 CVE-2016-9625 CVE-2016-9626 CVE-2016-9627 CVE-2016-9628 CVE-2016-9629 CVE-2016-9630 CVE-2016-9631 CVE-2016-9632 CVE-2016-9633
CVSS scores:	CVE-2016-9434 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9435 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9436 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9437 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9438 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9439 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9440 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9441 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9442 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9443 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9622 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9623 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9624 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9625 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9626 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9627 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9628 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9629 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9630 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9631 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9632 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-9633 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2

An update that solves 23 vulnerabilities can now be installed.

Description:

This update for w3m fixes the following issues:

• update to debian git version (bsc#1011293) addressed security issues: CVE-2016-9622: w3m: null deref (bsc#1012021) CVE-2016-9623: w3m: null deref (bsc#1012022) CVE-2016-9624: w3m: near-null deref (bsc#1012023) CVE-2016-9625: w3m: stack overflow (bsc#1012024) CVE-2016-9626: w3m: stack overflow (bsc#1012025) CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) CVE-2016-9628: w3m: null deref (bsc#1012027) CVE-2016-9629: w3m: null deref (bsc#1012028) CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) CVE-2016-9631: w3m: null deref (bsc#1012030) CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) CVE-2016-9633: w3m: OOM (bsc#1012032) CVE-2016-9434: w3m: null deref (bsc#1011283) CVE-2016-9435: w3m: use uninit value (bsc#1011284) CVE-2016-9436: w3m: use uninit value (bsc#1011285) CVE-2016-9437: w3m: write to rodata (bsc#1011286) CVE-2016-9438: w3m: null deref (bsc#1011287) CVE-2016-9439: w3m: stack overflow (bsc#1011288) CVE-2016-9440: w3m: near-null deref (bsc#1011289) CVE-2016-9441: w3m: near-null deref (bsc#1011290) CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) CVE-2016-9443: w3m: null deref (bsc#1011292)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12 SP1
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1774=1
• SUSE Linux Enterprise Desktop 12 SP2
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1774=1
• SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1774=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1774=1
• SUSE Linux Enterprise Server 12 SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1774=1
• SUSE Linux Enterprise High Performance Computing 12 SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1774=1
• SUSE Linux Enterprise Server 12 SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1774=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1774=1

Package List:

• SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
  • w3m-debugsource-0.5.3.git20161120-160.1
  • w3m-0.5.3.git20161120-160.1
  • w3m-debuginfo-0.5.3.git20161120-160.1
• SUSE Linux Enterprise Desktop 12 SP2 (x86_64)
  • w3m-debugsource-0.5.3.git20161120-160.1
  • w3m-0.5.3.git20161120-160.1
  • w3m-debuginfo-0.5.3.git20161120-160.1
• SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (aarch64)
  • w3m-debugsource-0.5.3.git20161120-160.1
  • w3m-0.5.3.git20161120-160.1
  • w3m-debuginfo-0.5.3.git20161120-160.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
  • w3m-debugsource-0.5.3.git20161120-160.1
  • w3m-0.5.3.git20161120-160.1
  • w3m-debuginfo-0.5.3.git20161120-160.1
• SUSE Linux Enterprise Server 12 SP1 (ppc64le s390x x86_64)
  • w3m-debugsource-0.5.3.git20161120-160.1
  • w3m-0.5.3.git20161120-160.1
  • w3m-debuginfo-0.5.3.git20161120-160.1
• SUSE Linux Enterprise High Performance Computing 12 SP2 (aarch64 x86_64)
  • w3m-debugsource-0.5.3.git20161120-160.1
  • w3m-0.5.3.git20161120-160.1
  • w3m-debuginfo-0.5.3.git20161120-160.1
• SUSE Linux Enterprise Server 12 SP2 (aarch64 ppc64le s390x x86_64)
  • w3m-debugsource-0.5.3.git20161120-160.1
  • w3m-0.5.3.git20161120-160.1
  • w3m-debuginfo-0.5.3.git20161120-160.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
  • w3m-debugsource-0.5.3.git20161120-160.1
  • w3m-0.5.3.git20161120-160.1
  • w3m-debuginfo-0.5.3.git20161120-160.1

References:

• https://www.suse.com/security/cve/CVE-2016-9434.html
• https://www.suse.com/security/cve/CVE-2016-9435.html
• https://www.suse.com/security/cve/CVE-2016-9436.html
• https://www.suse.com/security/cve/CVE-2016-9437.html
• https://www.suse.com/security/cve/CVE-2016-9438.html
• https://www.suse.com/security/cve/CVE-2016-9439.html
• https://www.suse.com/security/cve/CVE-2016-9440.html
• https://www.suse.com/security/cve/CVE-2016-9441.html
• https://www.suse.com/security/cve/CVE-2016-9442.html
• https://www.suse.com/security/cve/CVE-2016-9443.html
• https://www.suse.com/security/cve/CVE-2016-9621.html
• https://www.suse.com/security/cve/CVE-2016-9622.html
• https://www.suse.com/security/cve/CVE-2016-9623.html
• https://www.suse.com/security/cve/CVE-2016-9624.html
• https://www.suse.com/security/cve/CVE-2016-9625.html
• https://www.suse.com/security/cve/CVE-2016-9626.html
• https://www.suse.com/security/cve/CVE-2016-9627.html
• https://www.suse.com/security/cve/CVE-2016-9628.html
• https://www.suse.com/security/cve/CVE-2016-9629.html
• https://www.suse.com/security/cve/CVE-2016-9630.html
• https://www.suse.com/security/cve/CVE-2016-9631.html
• https://www.suse.com/security/cve/CVE-2016-9632.html
• https://www.suse.com/security/cve/CVE-2016-9633.html
• https://bugzilla.suse.com/show_bug.cgi?id=1011283
• https://bugzilla.suse.com/show_bug.cgi?id=1011284
• https://bugzilla.suse.com/show_bug.cgi?id=1011285
• https://bugzilla.suse.com/show_bug.cgi?id=1011286
• https://bugzilla.suse.com/show_bug.cgi?id=1011287
• https://bugzilla.suse.com/show_bug.cgi?id=1011288
• https://bugzilla.suse.com/show_bug.cgi?id=1011289
• https://bugzilla.suse.com/show_bug.cgi?id=1011290
• https://bugzilla.suse.com/show_bug.cgi?id=1011291
• https://bugzilla.suse.com/show_bug.cgi?id=1011292
• https://bugzilla.suse.com/show_bug.cgi?id=1011293
• https://bugzilla.suse.com/show_bug.cgi?id=1012021
• https://bugzilla.suse.com/show_bug.cgi?id=1012022
• https://bugzilla.suse.com/show_bug.cgi?id=1012023
• https://bugzilla.suse.com/show_bug.cgi?id=1012024
• https://bugzilla.suse.com/show_bug.cgi?id=1012025
• https://bugzilla.suse.com/show_bug.cgi?id=1012026
• https://bugzilla.suse.com/show_bug.cgi?id=1012027
• https://bugzilla.suse.com/show_bug.cgi?id=1012028
• https://bugzilla.suse.com/show_bug.cgi?id=1012029
• https://bugzilla.suse.com/show_bug.cgi?id=1012030
• https://bugzilla.suse.com/show_bug.cgi?id=1012031
• https://bugzilla.suse.com/show_bug.cgi?id=1012032