Bug 22504 - w3m new security issues CVE-2018-6196, CVE-2018-6197, CVE-2018-6198
Summary: w3m new security issues CVE-2018-6196, CVE-2018-6197, CVE-2018-6198
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA5TOO MGA5-32-OK MGA6-64-OK
Keywords: advisory, validated_update
Duplicates: 27737
Depends on:
Blocks:
 
Reported: 2018-02-01 21:27 CET by David Walser
Modified: 2020-12-04 13:36 CET

See Also:
Source RPM: w3m-0.5.3-12.git20161120.1.mga6.src.rpm
CVE:
Status comment: Patches available from Ubuntu


Description David Walser 2018-02-01 21:27:22 CET
Ubuntu has issued an advisory today (February 1):
https://usn.ubuntu.com/usn/usn-3555-1/

Mageia 5 and Mageia 6 are also affected.

David Walser 2018-02-01 21:27:33 CET

Whiteboard: (none) => MGA6TOO

David Walser 2018-02-02 18:33:54 CET

Status comment: (none) => Patches available from Ubuntu

Comment 1 Marja Van Waes 2018-02-03 07:40:29 CET
Assigning to the registered maintainer.

Version: 6 => Cauldron
Assignee: bugsquad => pterjan
CC: (none) => marja11

Comment 2 David Walser 2018-02-10 22:34:32 CET
Fedora has issued an advisory for this on February 8:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2XBJ7YSI7YUIFUICUS25Q5MT73QWGPFK/

Comment 3 Pascal Terjan 2018-07-07 19:59:42 CEST
w3m-0.5.3-13.git20180520.0.mga5 uploaded to 5/core/updates_testing
w3m-0.5.3-13.git20180520.0.mga6 uploaded to 6/core/updates_testing
w3m-0.5.3-13.git20180520.1.mga7 uploaded to cauldron/core/release

Comment 4 David Walser 2018-07-07 21:45:49 CEST
Advisory:
========================

Updated w3m package fixes security vulnerabilities:

It was discovered that w3m incorrectly handled certain inputs. An attacker
could possibly use this to cause a denial of service (CVE-2018-6196,
CVE-2018-6197).

It was discovered that w3m incorrectly handled temporary files. An attacker
could possibly use this to overwrite arbitrary files (CVE-2018-6198).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6198
https://usn.ubuntu.com/3555-1/

Whiteboard: MGA6TOO => MGA5TOO
Assignee: pterjan => qa-bugs
Version: Cauldron => 6
CC: (none) => pterjan

Comment 5 Herman Viaene 2018-07-09 14:03:47 CEST
MGA5-32 Xfce on Dell Latitude D600
No installation issues.
At CLI: w3m www.google.be
brought up the site, navigating with tab or mouse. For info of later users: everything you type is a command. To get to search for something, navigate to the Search box and press "Enter". That opens a text input line at the bottom of the window to enter your search terms. Enter to execute.
Works OK.

CC: (none) => herman.viaene
Whiteboard: MGA5TOO => MGA5TOO MGA5-32-OK

Comment 6 Len Lawrence 2018-07-09 20:40:33 CEST
Mageia 6, x86_64

Before updating tried to find PoCs.  Two of the CVEs appear to have reproducers but they involve creating binary files from published hexdumps and the use of w3m-tats which we do not appear to have.  Or maybe it needs some special invocation.

Updated w3m and pointed it at exoplanet.eu in a mate-terminal.  Navigated around but was unable to display tables because w3m-js is needed or at least some kind of javascript extension.  Tried the search facility on "APOD" and picked a site from the list returned.  Clicking on the empty panel under the title brought up the image of the day.  Web links all work fine and so does the back arrow.  Used H to find out how to exit the browser (q or Q).

Working OK.

CC: (none) => tarazed25
Whiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA6-64-OK

Comment 7 Dave Hodgins 2018-07-11 22:44:25 CEST
Advisory committed to svn. Validating the update.

Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 8 Mageia Robot 2018-07-11 23:48:19 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0312.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 9 David Walser 2020-12-04 13:36:41 CET
*** Bug 27737 has been marked as a duplicate of this bug. ***

CC: (none) => zombie_ryushu
