Oval Definition:oval:com.redhat.rhsa:def:20100565
Revision Date:2010-07-27Version:640
Title:RHSA-2010:0565: w3m security update (Moderate)
Description:The w3m program is a pager (or text file viewer) that can also be used as a text mode web browser.

  • It was discovered that w3m is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse w3m into accepting it by mistake. (CVE-2010-2074)

    All w3m users should upgrade to these updated packages, which contain a backported patch to correct this issue.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2010-2074
    RHSA-2010:0565
    RHSA-2010:0565-01
    RHSA-2010:0565-01
    Platform(s):Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • w3m is earlier than 0:0.5.1-17.el5_5
  • AND w3m is signed with Red Hat redhatrelease2 key
  • w3m-img is earlier than 0:0.5.1-17.el5_5
  • AND w3m-img is signed with Red Hat redhatrelease2 key
    • BACK