SCIENTIFIC-LINUX-ERRATA Archives

July 2010

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: w3m on SL5.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Tue, 27 Jul 2010 11:23:41 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (25 lines) 
Synopsis:	Moderate: w3m security update
Issue date:	2010-07-27
CVE Names:	CVE-2010-2074

It was discovered that w3m is affected by the previously published "null
prefix attack", caused by incorrect handling of NULL characters in X.509
certificates. If an attacker is able to get a carefully-crafted 
certificate signed by a trusted Certificate Authority, the attacker 
could use the certificate during a man-in-the-middle attack and 
potentially confuse w3m into accepting it by mistake. (CVE-2010-2074)

SL 5.x

     SRPMS:
w3m-0.5.1-17.el5_5.src.rpm
     i386:
w3m-0.5.1-17.el5_5.i386.rpm
w3m-img-0.5.1-17.el5_5.i386.rpm
     x86_64:
w3m-0.5.1-17.el5_5.x86_64.rpm
w3m-img-0.5.1-17.el5_5.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2