Package: w3m
Version: 0.5.1-5
Severity: important
Tags: security

Description:
A vulnerability has been reported in w3m, which potentially can be exploited by 
malicious people to compromise a user's system.

The vulnerability is caused due to a format string error when handling SSL 
certificates and can be exploited via a specially crafted SSL certificate 
containing 
format specifiers in the "CN" field.

Successful exploitation may allow execution of arbitrary code when e.g. 
visiting a malicious website, but requires that the application is running with 
either 
the "-dump" or "-backend" option.

The vulnerability is reported in version 0.5.1. Other versions may also be 
affected.


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to