Bug 33027

Summary: w3m new security issues CVE-2023-3825[23] and CVE-2023-4255
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, dan, sysadmin-bugs
Version: 9Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA9-64-OK
Source RPM: w3m-0.5.3-13.git20220429.1.mga9.src.rpm CVE: CVE-2023-38252, CVE-2023-38253, CVE-2023-4255
Status comment:

Description Nicolas Salguero 2024-03-28 15:11:45 CET 
Fedora has issued an advisory on March 27:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/

Mageia 9 is also affected.
Nicolas Salguero 2024-03-28 15:12:32 CET

CVE: (none) => CVE-2023-38252, CVE-2023-38253, CVE-2023-4255
Status comment: (none) => Patch available from Fedora
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => w3m-0.5.3-13.git20220429.1.mga9.src.rpm

Comment 1 Nicolas Salguero 2024-03-28 16:51:49 CET 
Suggested advisory:
========================

The updated package fixes security vulnerabilities:

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. (CVE-2023-38252)

An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. (CVE-2023-38253)

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition. (CVE-2023-4255)

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/
========================

Updated package in core/updates_testing:
========================
w3m-0.5.3-13.git20230121.1.mga9

from SRPM:
w3m-0.5.3-13.git20230121.1.mga9.src.rpm

Assignee: bugsquad => qa-bugs
Whiteboard: MGA9TOO => (none)
Status comment: Patch available from Fedora => (none)
Status: NEW => ASSIGNED
Version: Cauldron => 9

katnatek 2024-03-28 18:47:13 CET

Keywords: (none) => advisory

katnatek 2024-03-29 02:38:18 CET

CC: (none) => andrewsfarm

Comment 2 katnatek 2024-03-29 02:40:52 CET 
urpmi w3m


    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/w3m-0.5.3-13.git20220429.1.mga9.x86_64.rpm
instalando w3m-0.5.3-13.git20220429.1.mga9.x86_64.rpm desde /var/cache/urpmi/rpms                                                   
Preparando...                    ##################################################################################################
      1/1: w3m                   ##################################################################################################

LC_ALL=C urpmi --auto --auto-update 
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date


installing w3m-0.5.3-13.git20230121.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/1: w3m                   ##################################################################################################
      1/1: removing w3m-0.5.3-13.git20220429.1.mga9.x86_64
                                 ##################################################################################################

open this bug with w3m
w3m https://bugs.mageia.org/show_bug.cgi?id=33027

Load a text mode  version of the page
Give OK based in previous criteria

Whiteboard: (none) => MGA9-64-OK

Comment 3 Thomas Andrews 2024-03-29 16:23:20 CET 
Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Dan Fandrich 2024-03-31 05:13:56 CEST 
The SRPM in the advisory doesn't match the one in the bug.

CC: (none) => dan

Comment 5 katnatek 2024-03-31 05:24:00 CEST 
(In reply to Dan Fandrich from comment #4)
> The SRPM in the advisory doesn't match the one in the bug.

Fixed and thank you
Comment 6 Mageia Robot 2024-04-01 21:51:49 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0105.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED