Security update for w3m SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:3046-1 Final 1 1 2016-12-07T15:45:29Z current 2016-12-07T15:45:29Z 2016-12-07T15:45:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for w3m This update for w3m fixes the following issues: - update to debian git version (bsc#1011293) addressed security issues: CVE-2016-9621: w3m: global-buffer-overflow write (bsc#1012020) CVE-2016-9622: w3m: null deref (bsc#1012021) CVE-2016-9623: w3m: null deref (bsc#1012022) CVE-2016-9624: w3m: near-null deref (bsc#1012023) CVE-2016-9625: w3m: stack overflow (bsc#1012024) CVE-2016-9626: w3m: stack overflow (bsc#1012025) CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) CVE-2016-9628: w3m: null deref (bsc#1012027) CVE-2016-9629: w3m: null deref (bsc#1012028) CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) CVE-2016-9631: w3m: null deref (bsc#1012030) CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) CVE-2016-9633: w3m: OOM (bsc#1012032) CVE-2016-9434: w3m: null deref (bsc#1011283) CVE-2016-9435: w3m: use uninit value (bsc#1011284) CVE-2016-9436: w3m: use uninit value (bsc#1011285) CVE-2016-9437: w3m: write to rodata (bsc#1011286) CVE-2016-9438: w3m: null deref (bsc#1011287) CVE-2016-9439: w3m: stack overflow (bsc#1011288) CVE-2016-9440: w3m: near-null deref (bsc#1011289) CVE-2016-9441: w3m: near-null deref (bsc#1011290) CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) CVE-2016-9443: w3m: null deref (bsc#1011292) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). slessp4-w3m-12875 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ Link for SUSE-SU-2016:3046-1 https://lists.suse.com/pipermail/sle-security-updates/2016-December/002449.html E-Mail link for SUSE-SU-2016:3046-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1011269 SUSE Bug 1011269 https://bugzilla.suse.com/1011270 SUSE Bug 1011270 https://bugzilla.suse.com/1011271 SUSE Bug 1011271 https://bugzilla.suse.com/1011272 SUSE Bug 1011272 https://bugzilla.suse.com/1011283 SUSE Bug 1011283 https://bugzilla.suse.com/1011284 SUSE Bug 1011284 https://bugzilla.suse.com/1011285 SUSE Bug 1011285 https://bugzilla.suse.com/1011286 SUSE Bug 1011286 https://bugzilla.suse.com/1011287 SUSE Bug 1011287 https://bugzilla.suse.com/1011288 SUSE Bug 1011288 https://bugzilla.suse.com/1011289 SUSE Bug 1011289 https://bugzilla.suse.com/1011290 SUSE Bug 1011290 https://bugzilla.suse.com/1011291 SUSE Bug 1011291 https://bugzilla.suse.com/1011292 SUSE Bug 1011292 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012020 SUSE Bug 1012020 https://bugzilla.suse.com/1012021 SUSE Bug 1012021 https://bugzilla.suse.com/1012022 SUSE Bug 1012022 https://bugzilla.suse.com/1012023 SUSE Bug 1012023 https://bugzilla.suse.com/1012024 SUSE Bug 1012024 https://bugzilla.suse.com/1012025 SUSE Bug 1012025 https://bugzilla.suse.com/1012026 SUSE Bug 1012026 https://bugzilla.suse.com/1012027 SUSE Bug 1012027 https://bugzilla.suse.com/1012028 SUSE Bug 1012028 https://bugzilla.suse.com/1012029 SUSE Bug 1012029 https://bugzilla.suse.com/1012030 SUSE Bug 1012030 https://bugzilla.suse.com/1012031 SUSE Bug 1012031 https://bugzilla.suse.com/1012032 SUSE Bug 1012032 https://www.suse.com/security/cve/CVE-2010-2074/ SUSE CVE CVE-2010-2074 page https://www.suse.com/security/cve/CVE-2016-9422/ SUSE CVE CVE-2016-9422 page https://www.suse.com/security/cve/CVE-2016-9423/ SUSE CVE CVE-2016-9423 page https://www.suse.com/security/cve/CVE-2016-9424/ SUSE CVE CVE-2016-9424 page https://www.suse.com/security/cve/CVE-2016-9425/ SUSE CVE CVE-2016-9425 page https://www.suse.com/security/cve/CVE-2016-9434/ SUSE CVE CVE-2016-9434 page https://www.suse.com/security/cve/CVE-2016-9435/ SUSE CVE CVE-2016-9435 page https://www.suse.com/security/cve/CVE-2016-9436/ SUSE CVE CVE-2016-9436 page https://www.suse.com/security/cve/CVE-2016-9437/ SUSE CVE CVE-2016-9437 page https://www.suse.com/security/cve/CVE-2016-9438/ SUSE CVE CVE-2016-9438 page https://www.suse.com/security/cve/CVE-2016-9439/ SUSE CVE CVE-2016-9439 page https://www.suse.com/security/cve/CVE-2016-9440/ SUSE CVE CVE-2016-9440 page https://www.suse.com/security/cve/CVE-2016-9441/ SUSE CVE CVE-2016-9441 page https://www.suse.com/security/cve/CVE-2016-9442/ SUSE CVE CVE-2016-9442 page https://www.suse.com/security/cve/CVE-2016-9443/ SUSE CVE CVE-2016-9443 page https://www.suse.com/security/cve/CVE-2016-9621/ SUSE CVE CVE-2016-9621 page https://www.suse.com/security/cve/CVE-2016-9622/ SUSE CVE CVE-2016-9622 page https://www.suse.com/security/cve/CVE-2016-9623/ SUSE CVE CVE-2016-9623 page https://www.suse.com/security/cve/CVE-2016-9624/ SUSE CVE CVE-2016-9624 page https://www.suse.com/security/cve/CVE-2016-9625/ SUSE CVE CVE-2016-9625 page https://www.suse.com/security/cve/CVE-2016-9626/ SUSE CVE CVE-2016-9626 page https://www.suse.com/security/cve/CVE-2016-9627/ SUSE CVE CVE-2016-9627 page https://www.suse.com/security/cve/CVE-2016-9628/ SUSE CVE CVE-2016-9628 page https://www.suse.com/security/cve/CVE-2016-9629/ SUSE CVE CVE-2016-9629 page https://www.suse.com/security/cve/CVE-2016-9630/ SUSE CVE CVE-2016-9630 page https://www.suse.com/security/cve/CVE-2016-9631/ SUSE CVE CVE-2016-9631 page https://www.suse.com/security/cve/CVE-2016-9632/ SUSE CVE CVE-2016-9632 page https://www.suse.com/security/cve/CVE-2016-9633/ SUSE CVE CVE-2016-9633 page SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 w3m-0.5.3.git20161120-4.1 w3m-0.5.3.git20161120-4.1 as a component of SUSE Linux Enterprise Server 11 SP4 w3m-0.5.3.git20161120-4.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVE-2010-2074 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2010-2074.html CVE-2010-2074 https://bugzilla.suse.com/609451 SUSE Bug 609451 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn't properly validate the value of table span, which allows remote attackers to cause a denial of service (stack and/or heap buffer overflow) and possibly execute arbitrary code via a crafted HTML page. CVE-2016-9422 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9422.html CVE-2016-9422 https://bugzilla.suse.com/1011269 SUSE Bug 1011269 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page. CVE-2016-9423 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9423.html CVE-2016-9423 https://bugzilla.suse.com/1011270 SUSE Bug 1011270 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m doesn't properly validate the value of tag attribute, which allows remote attackers to cause a denial of service (heap buffer overflow crash) and possibly execute arbitrary code via a crafted HTML page. CVE-2016-9424 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9424.html CVE-2016-9424 https://bugzilla.suse.com/1011271 SUSE Bug 1011271 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page. CVE-2016-9425 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9425.html CVE-2016-9425 https://bugzilla.suse.com/1011272 SUSE Bug 1011272 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9434 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9434.html CVE-2016-9434 https://bugzilla.suse.com/1011283 SUSE Bug 1011283 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags. CVE-2016-9435 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9435.html CVE-2016-9435 https://bugzilla.suse.com/1011284 SUSE Bug 1011284 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag. CVE-2016-9436 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9436.html CVE-2016-9436 https://bugzilla.suse.com/1011285 SUSE Bug 1011285 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a crafted HTML page. CVE-2016-9437 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9437.html CVE-2016-9437 https://bugzilla.suse.com/1011286 SUSE Bug 1011286 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9438 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9438.html CVE-2016-9438 https://bugzilla.suse.com/1011287 SUSE Bug 1011287 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. CVE-2016-9439 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9439.html CVE-2016-9439 https://bugzilla.suse.com/1011288 SUSE Bug 1011288 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9440 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9440.html CVE-2016-9440 https://bugzilla.suse.com/1011289 SUSE Bug 1011289 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9441 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9441.html CVE-2016-9441 https://bugzilla.suse.com/1011290 SUSE Bug 1011290 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page. CVE-2016-9442 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9442.html CVE-2016-9442 https://bugzilla.suse.com/1011291 SUSE Bug 1011291 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9443 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9443.html CVE-2016-9443 https://bugzilla.suse.com/1011292 SUSE Bug 1011292 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9429. Reason: This candidate is a reservation duplicate of CVE-2016-9429. Notes: All CVE users should reference CVE-2016-9429 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2016-9621 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9621.html CVE-2016-9621 https://bugzilla.suse.com/1011278 SUSE Bug 1011278 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012020 SUSE Bug 1012020 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9622 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9622.html CVE-2016-9622 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012021 SUSE Bug 1012021 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9623 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9623.html CVE-2016-9623 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012022 SUSE Bug 1012022 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9624 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9624.html CVE-2016-9624 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012023 SUSE Bug 1012023 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. CVE-2016-9625 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9625.html CVE-2016-9625 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012024 SUSE Bug 1012024 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. CVE-2016-9626 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9626.html CVE-2016-9626 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012025 SUSE Bug 1012025 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page. CVE-2016-9627 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9627.html CVE-2016-9627 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012026 SUSE Bug 1012026 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9628 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9628.html CVE-2016-9628 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012027 SUSE Bug 1012027 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9629 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9629.html CVE-2016-9629 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012028 SUSE Bug 1012028 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. CVE-2016-9630 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9630.html CVE-2016-9630 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012029 SUSE Bug 1012029 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. CVE-2016-9631 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9631.html CVE-2016-9631 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012030 SUSE Bug 1012030 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. CVE-2016-9632 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9632.html CVE-2016-9632 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012031 SUSE Bug 1012031 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page. CVE-2016-9633 SUSE Linux Enterprise Server 11 SP4:w3m-0.5.3.git20161120-4.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:w3m-0.5.3.git20161120-4.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163046-1/ https://www.suse.com/security/cve/CVE-2016-9633.html CVE-2016-9633 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1012032 SUSE Bug 1012032