Synopsis: Moderate: w3m security update Issue date: 2010-07-27 CVE Names: CVE-2010-2074 It was discovered that w3m is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse w3m into accepting it by mistake. (CVE-2010-2074) SL 5.x SRPMS: w3m-0.5.1-17.el5_5.src.rpm i386: w3m-0.5.1-17.el5_5.i386.rpm w3m-img-0.5.1-17.el5_5.i386.rpm x86_64: w3m-0.5.1-17.el5_5.x86_64.rpm w3m-img-0.5.1-17.el5_5.x86_64.rpm -Connie Sieh -Troy Dawson