https://bugzilla.redhat.com/show_bug.cgi?id=1399720
Bug ID: 1399720
Summary: CVE-2016-9625 w3m: HTMLlineproc0 infinite recursion
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: anemec@redhat.com
CC: eng-i18n-bugs@redhat.com, i18n-bugs@lists.fedoraproject.org, pnemade@redhat.com
An infinite recursion will occur in w3m while parsing maliciously crafted input.
Upstream bug:
https://github.com/tats/w3m/issues/36
Upstream fix:
https://github.com/tats/w3m/commit/ff8510ab954ac5db478964351f6a78891c34f1d8
References:
http://seclists.org/oss-sec/2016/q4/488
Andrej Nemec anemec@redhat.com changed:
What      |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=20161107,reported=20161103,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-674,fedora-all/w3m=affected,epel-7/w3m=affected,rhel-5/w3m=new,rhel-6/w3m=new |impact=moderate,public=20161107,reported=20161122,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-674,fedora-all/w3m=affected,epel-7/w3m=affected,rhel-5/w3m=new,rhel-6/w3m=new
Andrej Nemec anemec@redhat.com changed:
What   |Removed |Added
----------------------------------------------------------------------------
Blocks |        |1399744
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1401423
Depends On |        |1401424
--- Comment #1 from Huzaifa S. Sidhpurwala huzaifas@redhat.com ---
Created w3m tracking bugs for this issue:
Affects: fedora-all [bug 1401423]
Affects: epel-7 [bug 1401424]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1401423
[Bug 1401423] w3m: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1401424
[Bug 1401424] w3m: various flaws [epel-7]
Bug 1399720 depends on bug 1401423, which changed state.
Bug 1401423 Summary: w3m: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1401423
What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
Dhiru Kholia dkholia@redhat.com changed:
What        |Removed |Added
----------------------------------------------------------------------------
Priority    |medium  |low
Status      |NEW     |CLOSED
Resolution  |---     |WONTFIX
Whiteboard  |impact=moderate,public=20161107,reported=20161122,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-674,fedora-all/w3m=affected,epel-7/w3m=affected,rhel-5/w3m=new,rhel-6/w3m=new |impact=low,public=20161107,reported=20161122,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-674,fedora-all/w3m=affected,epel-7/w3m=affected,rhel-5/w3m=wontfix,rhel-6/w3m=wontfix
Severity    |medium  |low
Last Closed |        |2017-03-17 03:23:16
Bug 1399720 depends on bug 1401424, which changed state.
Bug 1401424 Summary: w3m: various flaws [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1401424
What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA