Mailinglist Archive: opensuse-updates (57 mails)

< Previous Next >
openSUSE-SU-2010:0393-1 (low): w3m security update (CVE-2010-2074) to handle 0 characters in x509 certificates properly.
  • From: opensuse-security@xxxxxxxxxxxx
  • Date: Mon, 19 Jul 2010 18:08:10 +0200 (CEST)
  • Message-id: <20100719160810.75D18BE27@xxxxxxxxxxxxxx>
openSUSE Security Update: w3m security update (CVE-2010-2074) to handle 0
characters in x509 certificates properly.

Announcement ID: openSUSE-SU-2010:0393-1
Rating: low
References: #609451
Cross-References: CVE-2010-2074
Affected Products:
openSUSE 11.2
openSUSE 11.1
openSUSE 11.0

An update that fixes one vulnerability is now available.


w3m did not handle embedded nul characters in the common
name and in subject alternative names of x509 certificates.
CVE-2010-2074 has been assigned to this issue. This update
also turns on verification of x509 certificates by default
which was not the case before.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.2:

zypper in -t patch w3m-2559

- openSUSE 11.1:

zypper in -t patch w3m-2559

- openSUSE 11.0:

zypper in -t patch w3m-2559

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 11.2 (i586 src x86_64):


- openSUSE 11.2 (i586 x86_64):


- openSUSE 11.1 (i586 ppc src x86_64):


- openSUSE 11.1 (i586 ppc x86_64):


- openSUSE 11.0 (i586 ppc src x86_64):


- openSUSE 11.0 (i586 ppc x86_64):



< Previous Next >
This Thread
  • No further messages